‼️ Iranian ransomware group Pay2Key is back, targeting a US health organization in late February...

Summary

Pay2Key, an Iranian-linked ransomware group, has returned to active operations after roughly 2.5 years of dormancy, launching an attack against a US healthcare organization in late February 2024. The group's previous known activity was in September 2021. This resurgence suggests renewed operational capability or strategic shift by the threat actor.

Indicators of Compromise

• malware — Pay2Key