
Cybercrime: Pay2Key emerges as a new and dangerous ransomware

Check Point: Pay2Key is a new ransomware used by cybercrime actors to attack large companies. The malware appears to have been developed from scratch. It is detected by only a single VirusTotal engine.

Pay2Key is a new ransomware used by cybercrime actors to attack large companies. It was discovered by Check Point cybersecurity experts. The attackers followed the same procedure each time to gain a foothold, propagate, and remotely control the infection within the compromised companies. They may have gained access to the organizations' networks some time before the attack, but showed the ability to move rapidly, spreading the malware across the entire network within an hour. After completing the infection phase, the victims received a customized ransom note with a relatively low demand of 7-9 bitcoins (~$110K-$140K). Moreover, Pay2Key appears to have been developed from scratch. Only a single engine on VirusTotal detected the uploaded samples as malicious, even though the ransomware does not use a packer or protection of any kind to hide its internal functionality. Internally, it is named Cobalt (not to be confused with Cobalt Strike), and until now it has targeted Israeli and European companies.
