The United States Department of Justice has charged two Iranian nationals with allegedly developing and using SamSam ransomware against their targets in the United States and Canada to carry out computer hacking and extortion scheme from Iran.
Both Mohammad Mehdi Shah Mansouri, 27 and Faramarz Shahi Savandi, 34 have been charged with six counts together with one count of conspiracy to commit wire fraud, one count of conspiracy to commit fraud and related activity in connection with computers, two counts of intentional damage to a protected computer and two counts of transmitting a demand in relation to damaging a protected computer.
According to the indictment [PDF], SamSam ransomware caused more than $30 million in losses and targeted more than 200 victims including municipalities, hospitals, and public institutions.
“The hackers infiltrated computer systems in 10 states and Canada and then demanded payment. The criminal activity harmed state agencies, city governments, hospitals, and countless innocent victims,” said Deputy Attorney General Rosenstein.
Some of SamSam ransomware’s victims included:
The City of Atlanta, Georgia
The City of Newark, New Jersey
The Port of San Diego, California;
The Colorado Department of Transportation
The University of Calgary in Calgary, Alberta, Canada
It also targeted six health care-related entities including:
Hollywood Presbyterian Medical Center in Los Angeles, California
Kansas Heart Hospital in Wichita, Kansas
Laboratory Corporation of America Holdings (LabCorp), Burlington
North Carolina; MedStar Health, headquartered, Columbia, Maryland
Nebraska Orthopedic Hospital (OrthoNebraska Hospital), Omaha
Allscripts Healthcare Solutions Inc., Chicago, Illinois
SamSam ransomware is known as one of the nastiest pieces of encryption based malware that created havoc in the United States. In the attack against the city of Atlanta Police department hackers compromised their computer system and wiped out critical dashcam video evidence after the department decided not to ransom money to hackers.
In the Colorado Department of Transportation (CDOT) hackers compromised 2,000 of its computers and infected them with malware. The hackers demanded ransom in Bitcoin from the department however authorities decided not to bow down to hackers as it kept a complete backup of the data.
Savandi and Mansouri created the first version of the SamSam Ransomware in December 2015, and created further refined versions in June and October 2017. Both have now been added to the FBI’s wanted list since based on the diplomatic relationships between Iran and the United States it will be almost impossible for both to be extrdited to the States.
“The actions highlighted today, which represent a continuing trend of cyber criminal activity emanating from Iran, were particularly threatening, as they targeted public safety institutions, including U.S. hospital systems and governmental entities,” said Executive Assistant Director Amy S. Hess of the FBI.
This is not the first time when Iranian nationls have been charged with cyber attacks in the United States. In March this year, the US Justice Department charged nine Iranian nationals with allegedly hacking on behalf of Islamic Revolutionary Guard Corps, a branch of Iran’s armed forces.
