A ransomware named Tyrant has targeted Iranian computers running on Microsoft Windows.
Iran Computer Emergency Response Team Coordination Center (Iran CERTCC) has reported the attack on its official website.
The center, affiliated with the Ministry of Communications and Information Technology, is yet to report the number of computers affected by the ransomware attack.
Ransomware is a kind of cyber attack in which hackers take control of a computer system and block access to it until a ransom is paid.
For cybercriminals to gain access to the system, they need to download a type of malicious software onto a device. This is often done by getting a victim to click on a link or download it by mistake.
Iran CERTCC has reported that in most cases the ransomware has been disguised as Psiphon, a locally popular VPN program.
Once the software is on a victim's computer, the hackers can launch an attack that locks all files it can find within a network. This tends to be a gradual process with files being encrypted one after another.
After encrypting the user’s data, cybercriminals often demand payment in return for unlocking the files. This is normally in the form of online cryptocurrencies that are not traceable.
Iran CERTCC has reported that after being hit by the attack, users receive a message in Persian, which reads as follows: “You have been infected by Tyrant ransomware. All the files and data stored on this device have been encrypted.”
After seeing the message, users will have 24 hours to pay $15 to the hackers in the form of WebMoney, an online cryptocurrency. The message also includes instructions in Persian about using the electronic money. If users do not comply with the hackers’ demands, the files will be eliminated.
The local response team says more than half of the popular antivirus programs cannot detect the ransomware. The center is yet to publish a list of programs that can counter the attack.
Professionals believe that this is the first phase of an attack and in the coming days, thousands of computers will be infected by the ransomware.
Most computers in Iran run on unauthenticated operating systems. Users seldom install antivirus programs on their devices, and even when they do, the programs are not updated.
Earlier in May, the WannaCry ransomware, which targeted millions of computers globally, infected 2,000 computers in Iran.
Precautions
One of the best protections against ransomware attacks is having all files backed up in a completely separate system.
Simply put, it is impossible to prevent hackers from launching an attack. However, some precautions can reduce the risk of infection.
For instance, the attackers need to download the malware onto a computer or smart device and then install it. They do this by using compromised emails and websites.
Always be wary of unknown emails, never click on links whose source you do not recognize, and install an antivirus program and keep it updated.
Computer users in Iran can email cert@certcc.ir or call 021-22115950 or 021-4265000 if their operating system is infected by ransomware.
 
          

