Justice Dept. announces indictment of two Iranians in ransomware scheme

Posted: Nov 29, 2018 10:30 AM
Updated: Nov 29, 2018 10:30 AM

Two Iranian men have been indicted for their alleged involvement in a hacking and malware scheme that spanned more than two years and crippled computer systems at hospitals and municipal offices across the country, the Justice Department announced on Wednesday.

Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, allegedly released a type of ransomware called "SamSam" designed to hold computer systems hostage -- forcing victims to pay "ransom" to regain access, Deputy Attorney General Rod Rosenstein said at a news conference on Wednesday.

"The allegations in the indictment unsealed today -- the first of its kind -- outline an Iran-based international computer hacking and extortion scheme that engaged in 21st-century digital blackmail," said Assistant Attorney General Brian Benczkowski.

The duo allegedly acted inside Iran and collected over $6 million from more than 200 victims, causing more than $30 million in losses during a 34-month span. Among their alleged targets was the city of Atlanta, where segments of the municipal online infrastructure ground to a halt for days in March because of the malware infection, preventing residents from paying water bills and forcing police officers to file reports by hand.

Other victims of the attack included the city of Newark, New Jersey, MedStar Health and the Colorado Department of Transportation, among others, according to Benczkowski, the head of the Justice Department's criminal division.

On Wednesday, Newark Mayor Ras Baraka said the attacks "seriously compromised" their networks and "disrupted vital services that we provide to residents."

"The hackers asked for payment of the bitcoin equivalent of $30,000 in ransom and we paid that as recommended by law enforcement officials in order to prevent long-term disruption," Baraka said in a statement.

He added, "Both the FBI and Department of Justice were extremely helpful in guiding us every step of the way and assisting in a situation we had never faced before."

The indictment does not allege that the men had any official connection to the Iranian government, according to Benczkowski.

The Justice Department plans to file notices with Interpol to restrict the men's travel, Benczkowski said.

Benczkowski said Savandi and Mansouri face charges of "conspiracy to commit fraud and related activity in connection with computers, conspiracy to commit wire fraud, intentional damage to a protected computer, and, transmitting a demand in relation to damaging a protected computer."

In a related move, the US Treasury Department on Wednesday also announced it was taking action against two others based in Iran, Ali Khorashadizadeh and Mohammad Ghorbaniyan.

According to the Treasury's Office of Foreign Assets Control, Khorashadizadeh and Ghorbaniyan allegedly helped Savandi and Mansouri convert the cryptocurrency Bitcoin into Iranian rial.

"Treasury is targeting digital currency exchangers who have enabled Iranian cyberactors to profit from extorting digital ransom payments from their victims," said Treasury Under Secretary for Terrorism and Financial Intelligence Sigal Mandelker in a statement. "As Iran becomes increasingly isolated and desperate for access to US dollars, it is vital that virtual currency exchanges, peer-to-peer exchangers, and other providers of digital currency services harden their networks against these illicit schemes."

Despite the common conception that cryptocurrency transactions are anonymous, they are pseudonymous -- meaning there is a way to trace the transactions.

"The criminals believe they were masking their identities on the dark web, however this case shows that anonymizers may not make you as anonymous as you think you are. They use Bitcoin to avoid detection but this case shows that digital currency may be traceable," said FBI Executive Assistant Director Amy S. Hess, the law enforcement agency's top cyberofficial.

CrowdStrike CSO and former FBI executive assistant director Shawn Henry tells CNN that these types of indictments are examples of targeted operations where the FBI, NSA and CIA are teaming up like never before to go after hackers.

In the statement, Mandelker also said they are publishing addresses linked to "illicit actors."

"We are publishing digital currency addresses to identify illicit actors operating in the digital currency space. Treasury will aggressively pursue Iran and other rogue regimes attempting to exploit digital currencies and weaknesses in cyber and AML/CFT safeguards to further their nefarious objectives."

Rosenstein on Wednesday called the cyberattacks a "high-tech, sophisticated extortion plot."

"These defendants are now fugitives from American justice. American justice has a long arm and we will wait and eventually we're confident that we will take these perpetrators into custody," Rosenstein said.
