pay2key
1 incidentes
1 paises
1 sectores
ransomware IR Ultimo: 2026-06-25
Pay2Key is a ransomware group that emerged in late 2020, initially targeting Israeli companies before evolving into a Ransomware-as-a-Service (RaaS) model by 2025, operating as Pay2Key.I2P. The group is assessed with high confidence to be of Iranian origin, linked to the state-aligned group Fox Kitten (also known as Lemon Sandstorm). While originally financially motivated, Pay2Key has increasingly demonstrated ideological and geopolitical motivations, particularly in its targeting of entities in the United States and Israel, with recent activities suggesting a shift towards disruptive attacks rather than pure extortion. A key distinguishing characteristic is its rapid intrusion-to-encryption cycle, often completing network encryption within an hour, and its use of the I2P network for command and control in its newer variants, departing from the more common Tor network used by other ransomware groups. The group is also notable for offering significant profit shares to affiliates, especi
RansomLook pivots
Data, inteligencia y referencias externas para contrastar actividad ransomware del actor.
Paises afectados
Paises objetivo (SOCRadar)
United Arab EmiratesAlbania
Azerbaijan
Brazil
Germany
United Kingdom
IsraelIran, Islamic Republic ofMontenegro
Russian FederationSectores atacados
Aerospace (1)
Sectores objetivo (SOCRadar)
Other Information ServicesSoftware PublishersEnterprises & HoldingManufacturingElectrical Equipment, Appliance, and Component ManufacturingPublic AdministrationOil & GasEducational ServicesSpace & DefenseEnergy & Utilities