A new ransomware gang known as ‘N3TW0RM’ is targeting Israeli companies in a wave of cyberattacks starting last week.
According to Israeli media Haaretz, at least four Israeli companies and one nonprofit organization were successfully breached in these attacks.
N3TW0RM has a data leak site where they threaten to leak stolen files in order to scare their victims into paying a ransom.
Two of the Israeli businesses, H&M Israel and Veritas Logistic’s networks, have already been listed on the ransomware gang’s data leak, with the threat actors already leaking data allegedly stolen during the attack on Veritas.
As per the ransom notes, the ransomware gang did not ask for large ransom demands compared to other enterprise-targeting attacks.
Haaretz reports that Veritas’ ransom demand was three bitcoins (approx. $173,000). According to a WhatsApp message shared among Israeli cybersecurity researchers, the N3TW0RM ransomware shares some characteristics with the Pay2Key attacks conducted in November 2020 and February 2021.
Pay2Key has been linked to an Iranian nation-state hacking group known as Fox Kitten, whose goal was to cause disruption and damage to Israeli interests rather than generate a ransom payment.
The N3TW0RM attacks have not been attributed to any hacking groups currently.
Due to the low ransom demands and lack of response to negotiations, it is believed that N3TW0RM is also being used for creating chaos for Israeli interests.
Image Credits : Israel Defense