{ "id": "c183d101-05f3-4a84-bb34-4b83bdfa22c5", "created_at": "2026-05-01T03:10:33.466557Z", "updated_at": "2026-05-01T03:10:50.762755Z", "deleted_at": null, "sha1_hash": "1889e4ec9b7f241f6144ea34de61a2ee8ffdff35", "title": "Significant ransom payment by major Iranian IT firm underway", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 1967272, "plain_text": "Significant ransom payment by major Iranian IT firm underway\r\nBy SC Staff\r\nPublished: 2024-09-09 · Archived: 2026-05-01 02:03:04 UTC\r\nRansomware, Threat Intelligence\r\nSeptember 9, 2024\r\n(Adobe Stock)\r\nMajor Iranian IT vendor Tosan has been providing ransom payments on an installment basis following a\r\nsignificant cyberattack by the IRLeaks threat operation last month, which was reported to have compromised data\r\nfrom nearly 70% of the country's active credit entities but has been denied by the Iranian government,\r\nreports CyberScoop.\r\nNearly $561,000 worth of Bitcoin, or less than a third of the demanded ransom, has already been sent by Tosan to\r\nIRLeaks' cryptocurrency wallet since both parties began negotiations in early August, which commenced with the\r\npayment of a Bitcoin in exchange for the removal of IRLeaks' posting on Telegram before settling to a 3 Bitcoin\r\nper week arrangement until the 35 Bitcoin total is reached, according to emails between Tosan CEO Arash Babaei\r\nand IRLeaks provided by a third party and verified by a source close to the matter. At least two different Iranian\r\nexchanges provided payments to the wallet, which has also been used by threat actors for IT infrastructure\r\npurchases, noted Chainalysis Head of Cyber Threat Intelligence Jackie Burns Koven.\r\nGet essential knowledge and practical strategies to protect your organization from ransomware attacks.\r\nhttps://www.scmagazine.com/brief/significant-ransom-payment-by-major-iranian-it-firm-underway\r\nPage 1 of 4\n\nSC Staff\r\nRelated\r\nKryBit retaliates against 0APT with extensive data leak\r\nSC StaffApril 30, 2026\r\nNewly identified ransomware-as-a-service operation KryBit has compromised fellow nascent RaaS gang 0APT\r\nand exposed its full operational information, including access logs, system files, and PHP source code, in\r\nretaliation for the latter's initial leak of some of its data earlier this month, reports Infosecurity Magazine.\r\nhttps://www.scmagazine.com/brief/significant-ransom-payment-by-major-iranian-it-firm-underway\r\nPage 2 of 4\n\nReport sheds light on Chinese phishing campaigns against journalists, activists\r\nhttps://www.scmagazine.com/brief/significant-ransom-payment-by-major-iranian-it-firm-underway\r\nPage 3 of 4\n\nSC StaffApril 30, 2026\r\nReport sheds light on Chinese phishing campaigns against journalists, activists Chinese state-backed freelance\r\nhackers have launched a pair of phishing campaigns aimed at journalists and opposition activists in Taiwan, Hong\r\nKong, Tibet, and China's Uyghur region in a span of nine months, according to The Record, a news site by\r\ncybersecurity firm Recorded Future.\r\nGet daily email updates\r\nSC Media's daily must-read of the most current and pressing daily news\r\nSource: https://www.scmagazine.com/brief/significant-ransom-payment-by-major-iranian-it-firm-underway\r\nhttps://www.scmagazine.com/brief/significant-ransom-payment-by-major-iranian-it-firm-underway\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "MISPGALAXY" ], "origins": [ "web" ], "references": [ "https://www.scmagazine.com/brief/significant-ransom-payment-by-major-iranian-it-firm-underway" ], "report_names": [ "significant-ransom-payment-by-major-iranian-it-firm-underway" ], "threat_actors": [], "ts_created_at": 1777605033, "ts_updated_at": 1777605050, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/1889e4ec9b7f241f6144ea34de61a2ee8ffdff35.pdf", "text": "https://archive.orkl.eu/1889e4ec9b7f241f6144ea34de61a2ee8ffdff35.txt", "img": "https://archive.orkl.eu/1889e4ec9b7f241f6144ea34de61a2ee8ffdff35.jpg" } }