On October 23, 2017, the Iranian CERT published a warning against a ransomware called Tyrant attacking Iranian computers running Microsoft Windows.
According to the announcement, the malware was hidden as Psiphon, a VPN software which is very popular in Iran. After opening it, users were presented with a Persian-language message that their computer had been infected by a ransomware called Tyrant, and that all files and data on their computer had been encrypted. Furthermore, the message stated that since the moment of infection, the user had 24 hours to pay the hackers $15 in the cryptocurrency WebMoney. Users were given instructions on how to effect payment, and were warned that in the event that they didn’t comply, their files would be eliminated.
According to the Iranian CERT team, over half of the popular antivirus programs are unable to detect that ransomware. A list of various software programs that are able to cope with it is yet to be published. Experts estimate that the current attack is the first stage of a wider attack which will take place in the forthcoming days. According to estimates, thousands of computers will be infected by the ransomware.
In this context it was mentioned that most computers in Iran run unauthenticated operating systems. Furthermore, users seldom install antivirus programs, and even in such cases, the programs are not up-to-date.