In a surge of cyberattacks that began last week, a new ransomware group known as ‘N3TW0RM’ targeted Israeli companies.
At least four Israeli companies and one nonprofit organization were successfully breached in these attacks, according to Israeli news Haaretz.
N3TW0RM ransomware has a data leak platform where they threaten to release stolen files to intimidate their victims into paying a ransom.
H&M Israel and Veritas Logistic’s networks are two of the Israeli companies that have already been identified on the ransomware gang’s data leak, with the threat actors reportedly leaking data stolen during the Veritas attack.
According to the ransom notes, the ransomware gang did not request large ransom demands in comparison to other enterprise-targeting attacks.
According to Haaretz and BleepingComputer, the ransomware gang has not demanded especially large ransoms in comparison to other enterprise-targeting attacks.
Veritas’ ransom demand was three bitcoins, or roughly $173,000, according to Haaretz, while another ransom note shared with BleepingComputer indicates a demand of 4 bitcoins, or roughly $231,000.
The N3TW0RM ransomware, according to a WhatsApp message exchanged among Israeli cybersecurity researchers, shares some characteristics with the Pay2Key attacks that occurred in November 2020 and February 2021.
Pay2Key has been linked to the Fox Kitten hacking group, an Iranian nation-state hacking group whose mission was to disrupt and damage Israeli interests rather than collect a ransom payment.
At this time, no hacker groups have been linked to the N3TW0RM ransomware attacks.
N3TW0RM is suspected of being used to cause havoc for Israeli interests due to the low ransom demands and lack of response to negotiations.
However, Arik Nachmias, CEO of incident response firm Honey Badger Security told BleepingComputer, the intention behind these attacks in N3TW0RM’s case are for money.
Latest in Cybersecurity: Apple releases updates for iOS zero-day vulnerabilities