The hacking and extortion scheme took place
over a 34-month period with the SamSam ransomware affecting over 200 organizations
in the US and Canada.

The United States Department of Justice (DOJ)
unsealed indictments against two alleged Iranian hackers accused of being the
miscreants behind the infamous SamSam ransomware attacks.
The six-count indictment named Faramarz Shahi Savandi, 34, and
Mohammad Mehdi Shah Mansouri, 27, both Iranian nationals, as being responsible
for a computer hacking and extortion scheme that affected over 200
organizations, including hospitals and government agencies, in the US and
Canada for almost three years.
According to the court document, the DOJ
estimates that the alleged hackers amassed around $6 million from ransom
payments, while at the same time causing just over $30 million in damages as a
result of the attacks.
Some of the most notable cases involved
attacks on the city of Atlanta, the city of Newark, the Port of San Diego
and the Kansas Heart Hospital.
“The allegations in the indictment unsealed
today—the first of its kind—outline an Iran-based international computer
hacking and extortion scheme that engaged in 21st-century digital blackmail,”
said Assistant Attorney General Brian A. Benczkowski in a statement. “These
defendants allegedly used ransomware to infect the computer networks of
municipalities, hospitals, and other key public institutions, locking out the
computer owners, and then demanded millions of dollars in payments from them”.
The indictment revealed that Savandi and
Mansouri were charged with “one count of conspiracy to commit wire fraud, one
count of conspiracy to commit fraud and related activity in connection with
computers, two substantive counts of intentional damage to a protected computer
and two substantive counts of transmitting a demand in relation to damaging a
protected computer”.
In a press conference, US Attorney Craig
Carpenito is quoted by The Verge as telling
reporters that Savandi and Mansouri “worked hard to identify the most
vulnerable targets that they could,” and that they were not solely motivated by
money; rather, “they’re seeking to harm our institutions and critical
infrastructure. They’re trying to impact our way of life.”