BREAKING NEWS Huntsville High School forfeits football game with multiple team members in quarantine Full Story

Justice Dept. announces indictment of two Iranians in ransomware scheme

Two Iranian men have been indicted for their alleged involvement in a hacking and malware scheme that spanne...

Posted: Nov 29, 2018 10:30 AM
Updated: Nov 29, 2018 10:30 AM

Two Iranian men have been indicted for their alleged involvement in a hacking and malware scheme that spanned more than two years and crippled computer systems at hospitals and municipal offices across the country, the Justice Department announced on Wednesday.

Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, allegedly released a type of ransomware called "SamSam" designed to hold computer systems hostage -- forcing victims to pay "ransom" to re-gain access, Deputy Attorney General Rod Rosenstein said at a news conference on Wednesday.

Business and industry sectors

Business, economy and trade

Computer science and information technology

Continents and regions

Crime, law enforcement and corrections

Criminal law

Criminal offenses

Currencies

Digital crime

Digital currencies

Digital security

Economy and economic indicators

Federal Bureau of Investigation

Government organizations - US

Indictments

Iran

Law and legal system

Malware

Middle East

Middle East and North Africa

Money, banknotes and coins

Software and applications

Technology

US Department of Justice

US federal departments and agencies

Brian Benczkowski

Political Figures - US

Government and public administration

Government bodies and offices

Government departments and authorities

Justice departments

Law enforcement

"The allegations in the indictment unsealed today -- the first of its kind -- outline an Iran-based international computer hacking and extortion scheme that engaged in 21st-century digital blackmail," said Assistant Attorney General Brian Benczkowski.

The duo allegedly acted inside Iran and collected over $6 million from more than 200 victims, causing more than $30 million in losses during a 34-month span. Among their alleged targets was the city of Atlanta, where segments of the municipal online infrastructure were ground to a halt for days in March because of the malware infection, disabling residents from paying water bills and forcing police officers to file reports by hand.

Other victims of the attack included the city of Newark, New Jersey, MedStar Health and the Colorado Department of Transportation, among others, according to Benczkowski, the head of the Justice Department's criminal division.

On Wednesday, Newark Mayor Ras Baraka said the attacks "seriously compromised" their networks and "disrupted vital services that we provide to residents."

"The hackers asked for payment of the bitcoin equivalent of $30,000 in ransom and we paid that as recommended by law enforcement officials in order to prevent long-term disruption," Baraka said in a statement.

He added, "Both the FBI and Department of Justice were extremely helpful in guiding us every step of the way and assisting in a situation we had never faced before."

The indictment does not allege that the men had any official connection to the Iranian government, according to Benczkowski.

The Justice Department plans to file notices with Interpol to restrict the men's travel, Benczkowski said.

Benczkowski said Savandi and Mansouri face charges of "conspiracy to commit fraud and related activity in connection with computers, conspiracy to commit wire fraud, intentional damage to a protected computer, and, transmitting a demand in relation to damaging a protected computer."

In a related move, the US Treasury Department on Wednesday also announced it was taking action against two others based in Iran, Ali Khorashadizadeh and Mohammad Ghorbaniyan.

According to the Treasury's Office of Foreign Assets Control, Khorashadizadeh and Ghorbaniyan allegedly assisted Savandi and Mansouri convert the cryptocurrency Bitcoin into Iranian rial.

"Treasury is targeting digital currency exchangers who have enabled Iranian cyberactors to profit from extorting digital ransom payments from their victims," said Treasury Under Secretary for Terrorism and Financial Intelligence Sigal Mandelker in a statement. "As Iran becomes increasingly isolated and desperate for access to US dollars, it is vital that virtual currency exchanges, peer-to-peer exchangers, and other providers of digital currency services harden their networks against these illicit schemes."

Despite common conception that cryptocurrency transactions are anonymous, they are pseudonymous -- meaning there is a way to trace the transactions.

"The criminals believe they were masking their identities on the dark web, however this case shows that anonymizers may not make you as anonymous as you think you are. They use Bitcoin to avoid detection but this case shows that digital currency may be traceable," said FBI Executive Assistant Director Amy S. Hess, the law enforcement agency's top cyberofficial.

CrowdStrike CSO and former FBI executive assistant director Shawn Henry tells CNN that these types of indictments are examples of targeted operations where the FBI, NSA and CIA are teaming up like never before to go after hackers.

In the statement, Mandelker also said they are publishing addresses linked to "illicit actors."

"We are publishing digital currency addresses to identify illicit actors operating in the digital currency space. Treasury will aggressively pursue Iran and other rogue regimes attempting to exploit digital currencies and weaknesses in cyber and AML/CFT safeguards to further their nefarious objectives."

Rosenstein on Wednesday called the cyberattacks a "high-tech, sophisticated extortion plot."

"These defendants are now fugitives from American justice. American justice has a long arm and we will wait and eventually we're confident that we will take these perpetrators into custody," Rosenstein said.

Huntsville
Clear
65° wxIcon
Hi: 76° Lo: 52°
Feels Like: 65°
Florence
Clear
68° wxIcon
Hi: 78° Lo: 55°
Feels Like: 68°
Fayetteville
Clear
66° wxIcon
Hi: 75° Lo: 51°
Feels Like: 66°
Decatur
Clear
64° wxIcon
Hi: 75° Lo: 53°
Feels Like: 64°
Scottsboro
Clear
63° wxIcon
Hi: 76° Lo: 53°
Feels Like: 63°
WAAY Radar
WAAY WAAY-TV Cam
WAAY Temperatures

Alabama Coronavirus Cases

Confirmed Cases: 137564

Reported Deaths: 2399
CountyConfirmedDeaths
Jefferson19938351
Mobile13507293
Montgomery8866185
Tuscaloosa8837118
Madison798179
Shelby607449
Lee597161
Baldwin560650
Marshall397543
Calhoun355644
Etowah354845
Morgan333428
Houston293921
Elmore271948
DeKalb244321
St. Clair235936
Walker235485
Talladega217830
Limestone214420
Cullman191920
Dallas179826
Franklin179130
Autauga178727
Russell17683
Lauderdale175133
Colbert167726
Blount162115
Escambia161624
Jackson159712
Chilton159530
Covington140727
Dale140344
Coffee13716
Pike121611
Chambers117542
Tallapoosa117185
Clarke110316
Marion97529
Butler91740
Barbour8867
Winston75013
Marengo72620
Pickens67014
Randolph66613
Lowndes65927
Bibb65810
Hale64928
Geneva6444
Lawrence63425
Cherokee61713
Bullock60714
Clay5918
Monroe5908
Washington56012
Crenshaw54332
Perry5426
Conecuh53911
Wilcox53211
Henry5105
Macon48318
Fayette4689
Sumter43719
Cleburne3945
Lamar3822
Choctaw35112
Greene30515
Coosa1743
Out of AL00
Unassigned00

Tennessee Coronavirus Cases

Confirmed Cases: 194611

Reported Deaths: 2420
CountyConfirmedDeaths
Shelby31097466
Davidson26797311
Hamilton963495
Knox960579
Rutherford945290
Williamson536636
Sumner489598
Wilson356247
Putnam336541
Montgomery313344
Unassigned30444
Madison299265
Out of TN297727
Bradley297217
Sevier266415
Blount256324
Maury242725
Washington235538
Robertson223939
Sullivan223133
Hamblen194828
Tipton184519
Gibson172624
Trousdale16697
Hardeman158426
Wayne15015
Dyer142017
Bedford137317
Dickson128015
Coffee127713
Fayette122719
Cumberland121919
Weakley121620
Anderson121013
Obion120211
Loudon11996
Henderson119125
Carter118028
Greene116946
McMinn116325
Jefferson114414
Lawrence108913
Warren10777
Macon106721
Monroe106618
Hardin105516
Lauderdale100316
Haywood99821
Franklin99410
Lake9252
McNairy92518
Carroll91320
Roane9126
Bledsoe8624
White85510
Rhea85413
Hawkins82720
Cheatham8199
Marshall7815
Overton7706
Cocke75310
Smith74011
Johnson7323
Chester65011
Giles64417
Lincoln6331
Henry6309
Hickman6008
DeKalb57414
Marion5518
Fentress5463
Crockett54419
Decatur5347
Campbell4614
Claiborne4455
Polk40710
Grainger3943
Union3762
Benton3418
Jackson3325
Morgan3213
Grundy3176
Cannon2950
Unicoi2911
Humphreys2673
Sequatchie2441
Clay2355
Houston2343
Meigs2323
Stewart2212
Scott2192
Lewis2081
Moore1831
Van Buren1660
Perry1530
Pickett1262
Hancock1073

Community Events