New Pay2Key ransomware encrypts networks within one hour
A new ransomware called Pay2Key has been targeting organizations from Israel and Brazil, encrypting their networks within an hour in targeted attacks still under investigation.
In a new report by Check Point, researchers say that the threat actors behind Pay2Key ransomware are likely using publicly exposed Remote Desktop Protocol to gain access to victims' networks and deploy the initial malicious payloads.
While the Pay2Key operators infiltrate and are active in the targeted networks before the ransomware begins encrypting systems, they have the "ability to make a rapid move of spreading the ransomware within an hour to the entire network."
Ransoms up to $140K

Just as in the case of other human-operated ransomware operations, Pay2Key actors will use Microsoft's legitimate PsExec portable tool to remotely execute ransomware payloads named Cobalt.
"While the attack is still under investigation, the recent Pay2Key ransomware attacks indicate a new threat actor is joining the trend of targeted ransomware attacks - presenting well-designed operation to maximize damage and minimize exposure," the Check Point researchers concluded.
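A defender-side check for the PsExec-driven spread described above, as an added example that is not from Check Point's report or the original article: it flags bursts where the default PsExec service (`PSEXESVC`, System log event 7045) is installed on several distinct hosts within one hour. The record layout, host names and the three-host threshold are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample records, shaped like rows exported from the Windows
# System event log (event 7045 = "A service was installed in the system").
SAMPLE_EVENTS = [
    # A single administrative PsExec use the day before: should not alert.
    {"host": "SRV-APP1", "time": "2020-11-01T09:15:00", "event_id": 7045, "service": "PSEXESVC"},
    # Four hosts receive the PsExec service within 38 minutes.
    {"host": "WS-011", "time": "2020-11-02T02:03:10", "event_id": 7045, "service": "PSEXESVC"},
    {"host": "WS-012", "time": "2020-11-02T02:09:45", "event_id": 7045, "service": "PSEXESVC"},
    {"host": "SRV-FILE1", "time": "2020-11-02T02:21:30", "event_id": 7045, "service": "PSEXESVC"},
    {"host": "SRV-DC1", "time": "2020-11-02T02:41:05", "event_id": 7045, "service": "PSEXESVC"},
    # Unrelated service install and a non-7045 event: both ignored.
    {"host": "WS-012", "time": "2020-11-02T02:30:00", "event_id": 7045, "service": "Constructed Updater"},
    {"host": "WS-011", "time": "2020-11-02T02:50:00", "event_id": 7036, "service": "PSEXESVC"},
]


def psexec_bursts(events, window=timedelta(hours=1), min_hosts=3):
    """Return (first_seen, last_seen, hosts) for every burst in which the
    default PsExec service was installed on >= min_hosts hosts within window."""
    hits = sorted(
        (datetime.fromisoformat(e["time"]), e["host"].upper())
        for e in events
        if e["event_id"] == 7045 and e["service"].upper() == "PSEXESVC"
    )
    bursts, i = [], 0
    while i < len(hits):
        start = hits[i][0]
        j = i
        # Extend the window to every install within `window` of the first one.
        while j < len(hits) and hits[j][0] - start <= window:
            j += 1
        hosts = sorted({host for _, host in hits[i:j]})
        if len(hosts) >= min_hosts:
            bursts.append((start, hits[j - 1][0], hosts))
            i = j          # continue after this burst
        else:
            i += 1         # slide the window start forward by one event
    return bursts


if __name__ == "__main__":
    for first, last, hosts in psexec_bursts(SAMPLE_EVENTS):
        print(f"PsExec service installed on {len(hosts)} hosts "
              f"between {first} and {last}: {', '.join(hosts)}")
```

The match covers only the default service name, so treat it as one signal alongside monitoring for internet-exposed RDP and unusual remote service creation in general.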