Justice Dept. announces indictment of two Iranians in ransomware scheme

Posted: Nov 29, 2018 11:30 AM
Updated: Nov 29, 2018 11:30 AM

Two Iranian men have been indicted for their alleged involvement in a hacking and malware scheme that spanned more than two years and crippled computer systems at hospitals and municipal offices across the country, the Justice Department announced on Wednesday.

Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, allegedly released a type of ransomware called "SamSam" designed to hold computer systems hostage -- forcing victims to pay "ransom" to regain access, Deputy Attorney General Rod Rosenstein said at a news conference on Wednesday.

"The allegations in the indictment unsealed today -- the first of its kind -- outline an Iran-based international computer hacking and extortion scheme that engaged in 21st-century digital blackmail," said Assistant Attorney General Brian Benczkowski.

The duo allegedly acted inside Iran and collected over $6 million from more than 200 victims, causing more than $30 million in losses during a 34-month span. Among their alleged targets was the city of Atlanta, where segments of the municipal online infrastructure were ground to a halt for days in March because of the malware infection, preventing residents from paying water bills and forcing police officers to file reports by hand.

Other victims of the attack included the city of Newark, New Jersey, MedStar Health and the Colorado Department of Transportation, among others, according to Benczkowski, the head of the Justice Department's criminal division.

On Wednesday, Newark Mayor Ras Baraka said the attacks "seriously compromised" their networks and "disrupted vital services that we provide to residents."

"The hackers asked for payment of the bitcoin equivalent of $30,000 in ransom and we paid that as recommended by law enforcement officials in order to prevent long-term disruption," Baraka said in a statement.

He added, "Both the FBI and Department of Justice were extremely helpful in guiding us every step of the way and assisting in a situation we had never faced before."

The indictment does not allege that the men had any official connection to the Iranian government, according to Benczkowski.

The Justice Department plans to file notices with Interpol to restrict the men's travel, Benczkowski said.

Benczkowski said Savandi and Mansouri face charges of "conspiracy to commit fraud and related activity in connection with computers, conspiracy to commit wire fraud, intentional damage to a protected computer, and, transmitting a demand in relation to damaging a protected computer."

In a related move, the US Treasury Department on Wednesday also announced it was taking action against two others based in Iran, Ali Khorashadizadeh and Mohammad Ghorbaniyan.

According to the Treasury's Office of Foreign Assets Control, Khorashadizadeh and Ghorbaniyan allegedly helped Savandi and Mansouri convert the cryptocurrency Bitcoin into Iranian rial.

"Treasury is targeting digital currency exchangers who have enabled Iranian cyberactors to profit from extorting digital ransom payments from their victims," said Treasury Under Secretary for Terrorism and Financial Intelligence Sigal Mandelker in a statement. "As Iran becomes increasingly isolated and desperate for access to US dollars, it is vital that virtual currency exchanges, peer-to-peer exchangers, and other providers of digital currency services harden their networks against these illicit schemes."

Despite the common conception that cryptocurrency transactions are anonymous, they are pseudonymous -- meaning there is a way to trace the transactions.

"The criminals believe they were masking their identities on the dark web, however this case shows that anonymizers may not make you as anonymous as you think you are. They use Bitcoin to avoid detection but this case shows that digital currency may be traceable," said FBI Executive Assistant Director Amy S. Hess, the law enforcement agency's top cyberofficial.

CrowdStrike CSO and former FBI executive assistant director Shawn Henry tells CNN that these types of indictments are examples of targeted operations where the FBI, NSA and CIA are teaming up like never before to go after hackers.

In the statement, Mandelker also said they are publishing addresses linked to "illicit actors."

"We are publishing digital currency addresses to identify illicit actors operating in the digital currency space. Treasury will aggressively pursue Iran and other rogue regimes attempting to exploit digital currencies and weaknesses in cyber and AML/CFT safeguards to further their nefarious objectives."

Rosenstein on Wednesday called the cyberattacks a "high-tech, sophisticated extortion plot."

"These defendants are now fugitives from American justice. American justice has a long arm and we will wait and eventually we're confident that we will take these perpetrators into custody," Rosenstein said.
