Prevent Ransomware Blog

Pay2Key Ransomware Returns: Time to Shift to Isolation and Containment

Written by Tony Chiappetta | Aug 25, 2025 9:00:00 AM

A recent report from The Hacker News reveals that the Iranian-backed ransomware-as-a-service (RaaS) known as Pay2Key has resurfaced as Pay2Key.I2P, offering an 80% profit share (up from 70%) to affiliates who target organizations in Israel and the U.S. (thehackernews.com).

This model not only appeals to criminals’ financial motivations but also underscores a growing ideological dimension driving cyberattacks.

Worryingly, Pay2Key.I2P now operates on the Invisible Internet Project (I2P) network - the first known RaaS to run its infrastructure there - making it exceptionally stealthy and hard to trace. Since February 2025, over 51 successful ransom payouts have been tied to this variant, totaling more than $4 million in ransom earnings, with individual operators netting around $100,000 in profit. It’s also quietly extending its reach: a Linux-targeting option has been added, illustrating how threat actors are broadening tactics beyond Windows executables.

This alarming resurgence highlights a troubling truth for organizations: in an era when threat actors are evolving rapidly, the traditional “detect and respond” approach leaves too much to chance.

The Flaws of “Detect and Respond”

1. Reactive, not proactive.
Detection happens after the malware has already breached defenses and invaded systems. By the time an alert is triggered, databases may be encrypted, systems compromised, and damage underway.

2. Alerts overload.
Security teams face alert fatigue. A deluge of warnings makes it hard to distinguish sophisticated threats like Pay2Key.I2P, increasing the risk of false positives or ignored threats.

3. The clock matters.
With advanced RaaS like Pay2Key.I2P able to encrypt systems in moments, a matter of seconds can be the difference between business continuity and disaster.

The Case for “Isolation and Containment” with AppGuard

It’s time for businesses to proactively block malicious behavior rather than chase it. AppGuard - an endpoint protection solution with over 10 years of proven success - shifts the paradigm to "Isolation and Containment."

Here’s how AppGuard transforms your defense:

  • Prevents execution of unauthorized code. Even if hackers deploy a new RaaS variant, isolation prevents malicious binaries from spreading.

  • Segments threats automatically. When anomalies occur, AppGuard confines them within isolated compartments, preventing lateral movement and system-wide impacts.

  • Minimal reliance on signatures or behavior-based detection. This curbs the effectiveness of stealthy threats like those operating via I2P.

  • Lightweight, proven commercial performance. Trusted for a decade, AppGuard delivers enterprise-grade protection without overwhelming IT teams.

In today’s landscape, where RaaS platforms like Pay2Key.I2P evolve quickly and leverage new infrastructures, isolation-based tools like AppGuard are not optional - they are essential.

From Chaos to Containment: The AppGuard Way

Stop playing the “crazy game” of waiting for alerts while attackers sow chaos. Instead, adopt the AppGuard way of doing things: proactively isolate threats, contain disruption, and protect your organization at the source.

Call to Action

Business leaders: it’s critical to move your strategy from “Detect and Respond” to “Isolation and Containment.” Talk with us at CHIPS about how AppGuard can shield your organization against ransomware threats like the reemergent Pay2Key.I2P.

Let’s help you stop reacting to threats and start preventing them.