Menu
Browse

Veritas Logistic

Primary URL Location Industry
Undetermined
Country Israel
Transportation Icon
Transportation
Profile

Veritas Logistic, also known by its alias, is headquartered in Israel. The organization was among multiple Israeli entities that fell victim to a ransomware campaign in early May 2021. The attack was attributed to a ransomware group identified as N3TW0RM. This incident was part of a broader wave of cyberattacks targeting Israeli organizations during that period.

N3TW0RM encrypted files on compromised systems appending the '.n3tw0rm' extension to denote the locked data. The ransomware utilized a client‑server architecture to coordinate its operations. Attackers leveraged the legitimate Windows tool PAExec to distribute and execute a payload named 'slave.exe' across the network. In addition to encrypting data, the operators exfiltrated sensitive information from Veritas Logistic and threatened to publish it unless a ransom was paid. The demanded ransom amounts were reported to range from approximately $173,000 to $231,000 in Bitcoin.

Observers noted technical and tactical similarities between the N3TW0RM campaign and earlier Pay2Key attacks, which have been linked to Iranian state‑aligned actors. However, analysts remain divided on whether N3TW0RM’s primary motivation was financial gain or intentional disruption of Israeli operations. The ransomware’s design allowed encryption to proceed without relying on external command‑and‑control servers, meaning the malicious activity could continue even if network connectivity was lost. This characteristic also created a potential recovery avenue: if decryption keys remained stored locally on the affected machines after the attack, victims could possibly restore their files without paying the ransom. Despite the leak of stolen data, there is limited public evidence that negotiations with the attackers progressed beyond initial demands. The incident underscores the evolving threat landscape faced by Israeli companies and highlights the importance of robust endpoint protection and network segmentation.

Incidents
Linked incidents available to members
1 incident