Asharq Al-awsat English Middle-east and International News and Opinion from Asharq Al-awsat Newspaper

US Indicts Iranians over Ransomware Attacks

Wednesday, 28 November, 2018 - 19:15
US Deputy Attorney General Rod Rosenstein announces the indictment of two Iranians behind the SamSam ransomware attack. (AP)
Asharq Al-Awsat
Two Iranians were found guilty of carrying out ransomware attacks against hospitals, city governments and public institutions in the US and Canada.

The US Department of Justice charged the hackers with extorting at least $6 million from these institutions by remotely locking down their computer systems.

The DOJ said Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, deployed the SamSam ransomware into the systems of more than 200 institutions, encrypting those systems to make them inaccessible until the owners paid ransoms in bitcoin.

The 34-month-long hacking scheme wreaked havoc on the city governments of Atlanta, Georgia and Newark, New Jersey, the University of Calgary in Canada, major US hospitals in Los Angeles and Kansas City, and Laboratory Corporation of America, or LabCorp, one of the world's largest medical testing businesses.

In addition to ransom payments, the Justice Department said, governments and businesses suffered a total of $30 million in losses to their operations.

"The hackers infiltrated computer systems in 10 states and Canada and then demanded payment. The criminal activity harmed state agencies, city governments, hospitals, and countless innocent victims," said Deputy Attorney General Rod Rosenstein.

The six-count indictment said the two men -- who are still in Iran -- began in December 2015 to hack into target computer systems to install the SamSam malware.

Once the malware was executed, it would encrypt all of the data on the victims' computers, and electronic notes would be left behind telling administrators how to pay a ransom to have their data unlocked.

When the city of Atlanta was hit, government computers serving a population of a half-million were crippled for six days in March 2018.

People could not pay bills and businesses could not receive payments.

The demanded payments were usually relatively small, making it easier for some executives to decide to pay.

The Indiana hospital Hancock Health paid four bitcoin -- $55,000 at the time -- in January 2018 to get its systems unfrozen.

"The defendants did not just indiscriminately 'cross their fingers' and hope their ransomware randomly compromised just any computer system," said Assistant Attorney General Brian Benczkowski.

"Rather, they deliberately engaged in an extreme form of 21st-century digital blackmail, attacking and extorting vulnerable victims like hospitals and schools, victims they knew would be willing and able to pay."

The deployment of the SamSam ransomware represented some of the highest profile cyber-attacks on US soil, including one in 2016 that forced Hollywood Presbyterian Hospital in Los Angeles to turn away patients and one last year that shut down Atlanta courts and much of its city government.

In parallel with the indictment of the two, the US Treasury announced sanctions on two other Iranians, Ali Khorashadizadeh and Mohammad Ghorbaniyan, who allegedly aided the hackers by managing the ransom payments made in the virtual currency bitcoin.

The two helped the SamSam hackers convert the bitcoin into Iranian rials, and were identified as the people behind two digital currency addresses that handled some 7,000 bitcoin transactions.

The Treasury's Office of Foreign Assets Control said it was the first time they had publicly attributed digital currency addresses to people being placed on their sanctions blacklist.
