Morphisec Threat Labs analyzed a Linux variant of the Iranian-attributed Pay2Key ransomware. The malware requires root privileges to execute, utilizes a JSON configuration file, disables system defenses like SELinux and AppArmor, and employs ChaCha20 for full or partial file encryption while lacking built-in network C2 or exfiltration capabilities.