Every week approximately a thousand institutions in Israel are hit with a cyberattack. It is a constant barrage of computer infiltrations. Most are ransomware attacks, and the motive was money.In 2021, several incidents featured attackers demanding ransom, but their behavior ran counter to typical ransomware heists and suggested that lurking beneath the surface, they had different goals. They made their demands with extroverted gusto, like they intended their crime to be a public act.
Last October, in what is called the “Atraf” hack, Black Shadow, a group with links to Iran, hacked into the servers of CyberServe, an Israeli hosting company, accessing websites and applications of the company’s customers. Many digital hostage-taking organizations originate from the same hotbeds where disinformation campaigns are generated, like Russia, Ukraine, North Korea, and the Philippines. Ransomware travels the same political divisions as disinformation campaigns, trafficking in the exploitation of economic inequality, fear of immigrants, and racial resentments to undermine public trust in institutions and belief in social stability.
Iran and Israel are bitter foes. After the state of Israel came into existence in 1948, Iran was the second Muslim-majority country to recognize Israel as a sovereign state. Iran retracted recognition after its 1979 revolution and regularly threatens Israel with total annihilation. The cyber realm often reflects real-life tensions so, once high tech entered our lives, the two foes quickly picked up cyber weapons.
This cyber negotiator recently had come across similar fishy attacks on Israeli companies. At one company, he started negotiating with the hacking group called “Pay2Key.” At first, it looked to him like a typical ransom attack, but then he noticed red flags. For example, the group was a previously unknown actor yet they used unusually aggressive language.