Several Israeli companies were attacked by the Pay2Key encryption virus

09.11.2020
Several large companies in Israel have reported that their computer networks were compromised and infected with a new ransomware virus, Pay2Key.

It appears that hackers launched an organized attack on Israeli companies in late October. At first the number of intrusions was small, but the number of affected companies continues to grow.

"The number of messages about attacks related to the Pay2Key virus is growing every day," note representatives of Check Point, a company working in the field of cybersecurity.

According to computer security specialists, the attackers get in through a vulnerable RDP connection around midnight. Night-time attacks are much easier to carry out because far fewer IT specialists are on duty at the victim company. After gaining access to the compromised computer, the attackers use the psexec command to run copies of the virus on all reachable computers on the local network. It takes the hackers only an hour to infect the infrastructure.
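The chain described above (a night-time RDP logon followed by psexec fan-out within an hour) can be hunted for in Windows event logs. The following is an added example, not code from Check Point or from the original article; the host names and events are constructed, and the 22:00-06:00 night window and three-host threshold are assumptions to tune per environment.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from the Check Point report), already parsed
# from Windows logs: 4624 with LogonType 10 is an RDP logon, 7045 is a service
# install, and PSEXESVC is the service PsExec creates on each remote target.
EVENTS = [
    {"time": "2020-11-02T14:05:00", "host": "WS-07", "event_id": 4624, "logon_type": 10},
    {"time": "2020-11-02T14:20:00", "host": "SRV-APP", "event_id": 7045, "service": "PSEXESVC"},
    {"time": "2020-11-03T00:04:00", "host": "SRV-RDP", "event_id": 4624, "logon_type": 10},
    {"time": "2020-11-03T00:12:00", "host": "SRV-FILE", "event_id": 7045, "service": "PSEXESVC"},
    {"time": "2020-11-03T00:19:00", "host": "SRV-DB", "event_id": 7045, "service": "PSEXESVC"},
    {"time": "2020-11-03T00:31:00", "host": "WS-12", "event_id": 7045, "service": "PSEXESVC"},
    {"time": "2020-11-03T00:40:00", "host": "WS-12", "event_id": 7045, "service": "WinDefend"},
]

def is_off_hours(ts, start=22, end=6):
    """True when the timestamp falls in the night window (assumed 22:00-06:00)."""
    return ts.hour >= start or ts.hour < end

def find_psexec_fanout(events, window=timedelta(hours=1), min_hosts=3):
    """Return one alert per off-hours RDP logon that is followed by PSEXESVC
    installs on at least min_hosts distinct machines within the window."""
    parsed = sorted(({**e, "ts": datetime.fromisoformat(e["time"])} for e in events),
                    key=lambda e: e["ts"])
    rdp = [e for e in parsed
           if e["event_id"] == 4624 and e.get("logon_type") == 10 and is_off_hours(e["ts"])]
    installs = [e for e in parsed
                if e["event_id"] == 7045 and e.get("service", "").upper() == "PSEXESVC"]
    alerts = []
    for logon in rdp:
        # Distinct hosts that received the PsExec service soon after this logon.
        hosts = sorted({i["host"] for i in installs
                        if logon["ts"] <= i["ts"] <= logon["ts"] + window})
        if len(hosts) >= min_hosts:
            alerts.append({"entry_host": logon["host"], "logon_time": logon["time"],
                           "psexec_targets": hosts})
    return alerts

if __name__ == "__main__":
    for alert in find_psexec_fanout(EVENTS):
        print(alert)
```

The daytime RDP logon and its single PsExec use do not alert; only the midnight logon with three targets inside the hour does.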

Once the files on the company's servers and computers have been encrypted, the hackers leave a file with a ransom demand in bitcoins for decryption. Usually they ask for 7 to 9 BTC, i.e. $110,000-$140,000 at the current rate.

Check Point specialists stressed that the Pay2Key virus was created from scratch, and that its file-encryption scheme, which uses the AES and RSA algorithms, makes it impossible to create a free mass decryptor. It is not yet known who created the virus or why only Israeli companies are among the victims.

Also, on November 7th, attacks by the Ragnar Locker encryption virus on Capcom and the spirits manufacturer Campari Group were recorded.