Iran steps up ransomware demands in crypto

August 08, 2018
Chris Wheal

Iran-based malware using cryptocurrencies to extort ransom is set to rise, according to global consulting firm Accenture.

The warning comes in the wake of the Trump administration’s recent decision to rescind its backing of the Iran nuclear accord and reimpose sanctions on the country.

Accenture said it had traced five new kinds of ransomware back to hackers in Iran.


For instance, “WannaSmile” demands a payment of 20 bitcoins and promotes Iran-based payment processors and exchanges as sources through which to buy the crypto.

Another Iranian malware programme known as Black Ruby only targets non-Iranian IP addresses.

Accenture said the Iranian government itself was likely to be behind the increasing attempts to extort digital ransom from victims around the world.

Wannasmile Black Ruby

Iranian ransomware includes WannaSmile and Black Ruby

State sponsored

“The development and use of ransomware from Iran is likely to continue. The increased repurposing of popular malware by Iranian-based threat actors could lead to the use of ransomware for destructive purposes by state-sponsored organizations,” said Accenture.

While the Iranian government is alleged to be increasingly resorting to crypto-linked ransom demands, Iranian citizens are also understood to be turning to digital coins to get funds out of the country.

This is despite the move earlier this year by Iran’s central bank to restrict the use of cryptocurrencies by the country’s financial institutions.

Post written by Chris Wheal
Chris Wheal is editor of OpenLedger's news and features service. An award-wining business journalists himself, he runs a team of freelance journalists from across the UK and north America.

Related News

OL DEX is closing all activities April 25, 2020
USDT (ERC-20) Gateway Enabled April 17, 2020