Pay2Key ransomware operators claim to have stolen sensitive data from Habana Labs, an Israeli developer of AI processors, which was acquired by Intel in December 2019. The gang said on Twitter that they had hacked into the company’s network and gained access to confidential information.
The group also posted a link to their leak portal where they shared some stolen data, including Windows domain account information, DNS zone information for the domain, and a file listing from its Gerrit development code review system, as well as business documents and source code images.
At present, it is unclear whether the attackers intend to demand a ransom; however, the crew has said that Habana Labs has “72hrs to stop leaking process.”
Pay2Key is a relatively new ransomware strain first observed in targeted attacks against Israeli companies in November 2020. The Pay2Key ransomware is written in C++ and compiled using MSVC++ 2015. It relies heavily on object-oriented programming and uses well-designed classes for its operation. It also makes use of third-party libraries such as Boost.
Researchers from Profero believe that the Pay2Key ransomware operation is orchestrated by Iranian threat actors after they traced the group's ransom payment wallets to Iranian bitcoin exchanges.