Home » Iran » Ransomware named Tyrant attacking computers in Iran

Ransomware named Tyrant attacking computers in Iran

On October 23, 2017, the Iranian CERT published a warning against a ransomware called Tyrant attacking Iranian computers running Microsoft Windows.


According to the announcement, the malware was hidden as Psiphon, a VPN software which is very popular in Iran. After opening it, users were presented with a Persian-language message that their computer had been infected by a ransomware called Tyrant, and that all files and data on their computer had been encrypted. Furthermore, the message stated that since the moment of infection, the user had 24 hours to pay the hackers $15 in the cryptocurrency WebMoney. Users were given instructions on how to effect payment, and were warned that in the event that they didn’t comply, their files would be eliminated. 

According to the Iranian CERT team, over half of the popular antivirus programs are unable to detect that ransomware. A list of various software programs that are able to cope with it is yet to be published. Experts estimate that the current attack is the first stage of a wider attack which will take place in the forthcoming days. According to estimates, thousands of computers will be infected by the ransomware. 

In this context it was mentioned that most computers in Iran run unauthenticated operating systems. Furthermore, users seldom install antivirus programs, and even in such cases, the programs are not up-to-date. 

According to reports, the WannaCry ransomware attack which took place last May around the world infected about two thousand Iranian computers.



This post is also available in: heעברית

Written by Tal Pavel, Ph.D

Tal Pavel, Ph.D., Middle Eastern Studies. Lecturer, commentator, researcher. Expert on technology, Internet and Cyber in the Middle East and the Islamic world. Owner of the Middleeasternet.com website.

Translated by Eldad Salzman

Eldad Salzman
Eldad Salzman, B.A., Middle Eastern Studies (Tel Aviv University). Owner and manager, ESHTAR Translations and Computer Consultancy, currently Eldad Salzman Translations. Translator and editor (Hebrew, English, Esperanto, Arabic and other languages). Translator of bulletins on Middle Eastern affairs, global jihad, worldwide terrorism. Former translator for Israeli cellular companies Cellcom and Partner (Hebrew-English and English-Hebrew). Former lecturer on word processors, data retrieval, and indexing. Admin, editor and contributor, the Hebrew Wikipedia. Moderator of Internet forums (Translation; Linguistics; Esperanto). Topics of interest: Cyber and Internet; Wikipedia; lectures in Esperanto. Lectured on Hebrew and Arabic in the International Congress of Esperanto, Tel Aviv, 2000.