Iran paid ‘million-dollar ransom’ after hack hits banking system

A massive cyberattack that hit Iran last month threatened the stability of its banking system and forced it to agree to a multi-million dollar ransom deal, according to a report in the magazine Politico.

The magazine quoted people familiar with the matter as saying that an Iranian company paid at least $3 million in ransom last month to prevent an unknown group of hackers from publishing individual account data from up to 20 local banks.

It is the worst cyberattack the country has ever seen, according to industry analysts and Western officials familiar with the matter.

Officials said a group known as IrLeaks, which has a history of hacking Iranian companies, was likely behind the attack. The hackers reportedly first threatened to sell the data they had collected, which included the personal account and credit card details of millions of Iranians, on the dark web unless they received $10 million in cryptocurrency, but later settled for a smaller sum.

Officials said Iran’s authoritarian regime pushed for a deal, fearing that the data theft could destabilize the country’s already volatile financial system, which is under severe strain amid international sanctions.

Iran has never acknowledged the mid-August breach, which forced banks to close ATMs across the country.

Iran’s supreme leader sent a coded message in the wake of the attack, blaming the United States and Israel for “spreading fear among our people,” without acknowledging that the country’s banks were under attack.

People familiar with the Iranian banking hack told Politico that IrLeaks is neither affiliated with the United States nor Israel, suggesting the attack may have been the work of independent hackers driven primarily by financial motives.

In December, IrLeaks claimed to have stolen customer data from nearly two dozen Iranian insurance companies and hacked Snap Food, a delivery service. Officials said that while the companies agreed to pay IrLeaks a ransom, it was far less than the group received from the banking breach.

The group accessed bank servers through a company called Tousan, which provides data and other digital services to Iran’s financial sector, the officials said. Using Tousan, the hackers appear to have stolen data from both private banks and Iran’s central bank. Of the 29 active credit institutions in Iran, as many as 20 were compromised, said the officials, who asked not to be identified.

Among the banks affected were the Bank of Industry and Mines, Mehr interest-free Bank, Postal Bank of Iran, Zamin Bank of Iran, Sarmayeh Bank, Iran-Venezuelan Dual Bank, Day Bank, Shahr Bank, Eqtesad Bank, and Saman, which also has branches in Italy and Germany. The regime eventually forced Tousan to pay the IrLeaks ransom, according to a person familiar with the events.
