Pay2Key's Resurgence: Iranian Cyber Warfare Targets the West
released on 2025-07-10 @ 06:31:13 PM
Pay2Key, an Iranian-backed ransomware-as-a-service operation, has re-emerged as Pay2Key.I2P, targeting Western organizations. Linked to the Fox Kitten APT group and collaborating with Mimic ransomware, the campaign has collected over $4 million in ransom payments in four months. The group offers an 80% profit share to affiliates supporting Iran or attacking its enemies, blending financial motivations with geopolitical objectives. Pay2Key.I2P employs sophisticated evasion techniques, including anti-analysis checks and obfuscation methods. The operation's strategic marketing on darknet forums and social media platforms indicates a planned rollout, and the addition of Linux-targeted ransomware broadens the range of systems the group can attack.