
Justice Dept. announces indictment of two Iranians in ransomware scheme


Posted: Nov 29, 2018 10:30 AM
Updated: Nov 29, 2018 10:30 AM

Two Iranian men have been indicted for their alleged involvement in a hacking and malware scheme that spanned more than two years and crippled computer systems at hospitals and municipal offices across the country, the Justice Department announced on Wednesday.

Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, allegedly released a type of ransomware called "SamSam" designed to hold computer systems hostage -- forcing victims to pay "ransom" to regain access, Deputy Attorney General Rod Rosenstein said at a news conference on Wednesday.


"The allegations in the indictment unsealed today -- the first of its kind -- outline an Iran-based international computer hacking and extortion scheme that engaged in 21st-century digital blackmail," said Assistant Attorney General Brian Benczkowski.

The duo allegedly acted inside Iran and collected over $6 million from more than 200 victims, causing more than $30 million in losses during a 34-month span. Among their alleged targets was the city of Atlanta, where segments of the municipal online infrastructure ground to a halt for days in March because of the malware infection, preventing residents from paying water bills and forcing police officers to file reports by hand.

Other victims of the attack included the city of Newark, New Jersey, MedStar Health and the Colorado Department of Transportation, among others, according to Benczkowski, the head of the Justice Department's criminal division.

On Wednesday, Newark Mayor Ras Baraka said the attacks "seriously compromised" their networks and "disrupted vital services that we provide to residents."

"The hackers asked for payment of the bitcoin equivalent of $30,000 in ransom and we paid that as recommended by law enforcement officials in order to prevent long-term disruption," Baraka said in a statement.

He added, "Both the FBI and Department of Justice were extremely helpful in guiding us every step of the way and assisting in a situation we had never faced before."

The indictment does not allege that the men had any official connection to the Iranian government, according to Benczkowski.

The Justice Department plans to file notices with Interpol to restrict the men's travel, Benczkowski said.

Benczkowski said Savandi and Mansouri face charges of "conspiracy to commit fraud and related activity in connection with computers, conspiracy to commit wire fraud, intentional damage to a protected computer, and, transmitting a demand in relation to damaging a protected computer."

In a related move, the US Treasury Department on Wednesday also announced it was taking action against two others based in Iran, Ali Khorashadizadeh and Mohammad Ghorbaniyan.

According to the Treasury's Office of Foreign Assets Control, Khorashadizadeh and Ghorbaniyan allegedly helped Savandi and Mansouri convert the cryptocurrency Bitcoin into Iranian rial.

"Treasury is targeting digital currency exchangers who have enabled Iranian cyberactors to profit from extorting digital ransom payments from their victims," said Treasury Under Secretary for Terrorism and Financial Intelligence Sigal Mandelker in a statement. "As Iran becomes increasingly isolated and desperate for access to US dollars, it is vital that virtual currency exchanges, peer-to-peer exchangers, and other providers of digital currency services harden their networks against these illicit schemes."

Despite the common perception that cryptocurrency transactions are anonymous, they are pseudonymous -- meaning there is a way to trace the transactions.

"The criminals believe they were masking their identities on the dark web, however this case shows that anonymizers may not make you as anonymous as you think you are. They use Bitcoin to avoid detection but this case shows that digital currency may be traceable," said FBI Executive Assistant Director Amy S. Hess, the law enforcement agency's top cyberofficial.

CrowdStrike CSO and former FBI executive assistant director Shawn Henry tells CNN that these types of indictments are examples of targeted operations where the FBI, NSA and CIA are teaming up like never before to go after hackers.

In the statement, Mandelker also said they are publishing addresses linked to "illicit actors."

"We are publishing digital currency addresses to identify illicit actors operating in the digital currency space. Treasury will aggressively pursue Iran and other rogue regimes attempting to exploit digital currencies and weaknesses in cyber and AML/CFT safeguards to further their nefarious objectives."

Rosenstein on Wednesday called the cyberattacks a "high-tech, sophisticated extortion plot."

"These defendants are now fugitives from American justice. American justice has a long arm and we will wait and eventually we're confident that we will take these perpetrators into custody," Rosenstein said.
