{ "id": "cf416902-38b3-48ee-b62c-6e3560c0cc80", "created_at": "2026-04-06T00:10:42.664973Z", "updated_at": "2026-04-10T03:33:20.853574Z", "deleted_at": null, "sha1_hash": "e97e0aa691a49e0022c43cc9bb536a865cdd3bc1", "title": "Significant ransom payment by major Iranian IT firm underway", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 2488233, "plain_text": "Significant ransom payment by major Iranian IT firm underway\r\nBy SC Staff\r\nPublished: 2024-09-09 · Archived: 2026-04-05 17:54:45 UTC\r\nRansomware, Threat Intelligence\r\n(Adobe Stock)\r\nMajor Iranian IT vendor Tosan has been providing ransom payments on an installment basis following a\r\nsignificant cyberattack by the IRLeaks threat operation last month, which was reported to have compromised data\r\nfrom nearly 70% of the country's active credit entities but has been denied by the Iranian government,\r\nreports CyberScoop.\r\nNearly $561,000 worth of Bitcoin, or less than a third of the demanded ransom, has already been sent by Tosan to\r\nIRLeaks' cryptocurrency wallet since both parties began negotiations in early August, which commenced with the\r\npayment of a Bitcoin in exchange for the removal of IRLeaks' posting on Telegram before settling to a 3 Bitcoin\r\nper week arrangement until the 35 Bitcoin total is reached, according to emails between Tosan CEO Arash Babaei\r\nand IRLeaks provided by a third party and verified by a source close to the matter. At least two different Iranian\r\nexchanges provided payments to the wallet, which has also been used by threat actors for IT infrastructure\r\npurchases, noted Chainalysis Head of Cyber Threat Intelligence Jackie Burns Koven.\r\nGet essential knowledge and practical strategies to protect your organization from ransomware attacks.\r\nSC Staff\r\nhttps://www.scmagazine.com/brief/significant-ransom-payment-by-major-iranian-it-firm-underway\r\nPage 1 of 3\n\nRelated\r\nhttps://www.scmagazine.com/brief/significant-ransom-payment-by-major-iranian-it-firm-underway\r\nPage 2 of 3\n\nGet daily email updates\r\nSC Media's daily must-read of the most current and pressing daily news\r\nSource: https://www.scmagazine.com/brief/significant-ransom-payment-by-major-iranian-it-firm-underway\r\nhttps://www.scmagazine.com/brief/significant-ransom-payment-by-major-iranian-it-firm-underway\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "MISPGALAXY", "Malpedia" ], "references": [ "https://www.scmagazine.com/brief/significant-ransom-payment-by-major-iranian-it-firm-underway" ], "report_names": [ "significant-ransom-payment-by-major-iranian-it-firm-underway" ], "threat_actors": [ { "id": "99c72af2-9b8a-412d-840b-09a9d54dec81", "created_at": "2024-09-20T02:00:04.583095Z", "updated_at": "2026-04-10T02:00:03.699949Z", "deleted_at": null, "main_name": "IRLeaks", "aliases": [], "source_name": "MISPGALAXY:IRLeaks", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434242, "ts_updated_at": 1775792000, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/e97e0aa691a49e0022c43cc9bb536a865cdd3bc1.pdf", "text": "https://archive.orkl.eu/e97e0aa691a49e0022c43cc9bb536a865cdd3bc1.txt", "img": "https://archive.orkl.eu/e97e0aa691a49e0022c43cc9bb536a865cdd3bc1.jpg" } }