Tyrant ransomware is being distributed in Iran via a compromised VPN app, totally undermining trust in IT departments
Maher, Iran’s Computer Emergency Response Team Coordination Center (CERTCC), has warned that ‘Tyrant’ ransomware is being distributed in the country via a compromised VPN app.
A modified version of the Psiphon VPN client app is being used to spread the ransomware infection, a variant of the DUMB code first seen back in January of this year.
The Farsi-language ransom demand asks for just US$15 (£11), payable via either exchanging.ir or webmoney724.ir. There could be good reason for the ransom bar being set so low, if the Iran CERTCC alert is anything to go by. The encryption itself does not always manage to encrypt anything, and the alert also reveals that “despite the fact that there are many changes in the victim’s system registry, it is not able to maintain its functionality after rebooting the system.”