NEWARK, NJ — Authorities say they have identified the source of the notorious “SamSam Ransomware” computer virus, which infected more than 200 cities, hospitals and transportation agencies and caused more than $30 million in losses.
On Wednesday, Nov. 28, a federal grand jury indicted Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, both of Iran, for their alleged roles in a 34-month-long international computer hacking and extortion scheme.
Acting from inside Iran, Savandi and Mansouri allegedly created malware known as SamSam Ransomware, which was capable of forcibly encrypting data on the computers of victims in 10 states and Canada, according to the U.S. Attorney’s Office of New Jersey.
According to the indictment, beginning in December 2015, Savandi and Mansouri allegedly accessed the computers of victim entities without authorization through security vulnerabilities. They would then install and execute SamSam Ransomware, resulting in the encryption of data on the victims’ computers.
Savandi and Mansouri would then extort victim entities by demanding a ransom paid in the virtual currency Bitcoin in exchange for decryption keys for the encrypted data, collecting ransom payments from victim entities that paid the ransom, and exchanging the Bitcoin proceeds into Iranian rial using Iran-based Bitcoin exchangers, federal prosecutors charged.
The indictment alleges that, as a result of their conduct, Savandi and Mansouri collected more than $6 million USD in ransom payments to date, and caused over $30 million in losses to more than 200 victims.
To carry out their scheme, the defendants also used Tor, a computer network designed to facilitate anonymous communication over the internet, the indictment alleges.
The pair allegedly kicked off their scheme with a business in Mercer County, New Jersey and then moved on to hit “major public entities” including the City of Newark, NJ, the Hollywood Presbyterian Medical Center in Los Angeles and the Kansas Heart Hospital in Wichita.
Authorities said that the more than 200 victims included hospitals, municipalities, and public institutions such as the City of Atlanta, Georgia; the Port of San Diego, California; the Colorado Department of Transportation; the University of Calgary in Calgary, Alberta, Canada; Laboratory Corporation of America Holdings (more commonly known as LabCorp), headquartered in Burlington, North Carolina; MedStar Health, headquartered in Columbia, Maryland; Nebraska Orthopedic Hospital (now known as OrthoNebraska Hospital) in Omaha; and Allscripts Healthcare Solutions Inc., headquartered in Chicago, Illinois.
According to the indictment, Savandi and Mansouri created the first version of the SamSam Ransomware in December 2015, and created further refined versions in June and October 2017. In addition to employing Iran-based Bitcoin exchangers, the defendants also used overseas computer infrastructure to commit their attacks, the indictment alleges. Savandi and Mansouri would also use sophisticated online reconnaissance techniques (such as scanning for computer network vulnerabilities) and conduct online research in order to select and target potential victims, prosecutors said.
According to the indictment, Savandi and Mansouri maximized the damage caused to victims by launching attacks outside regular business hours, when a victim would find it more difficult to mitigate the attack, and by encrypting backups of the victims’ computers. This was intended to — and often did — cause havoc for the regular business operations of the victims, prosecutors said.
The most recent ransomware attack against a victim took place on Sept. 25, 2018, prosecutors said.
On Wednesday, authorities announced that Savandi and Mansouri have been charged with one count of conspiracy to commit wire fraud, one count of conspiracy to commit fraud and related activity in connection with computers, two substantive counts of intentional damage to a protected computer and two substantive counts of transmitting a demand in relation to damaging a protected computer.
“The allegations in the indictment unsealed today—the first of its kind—outline an Iran-based international computer hacking and extortion scheme that engaged in 21st-century digital blackmail,” Assistant Attorney General Brian Benczkowski of the Justice Department’s Criminal Division said.
Victims are encouraged to contact their local FBI field office and file a complaint online with the Internet Crime Complaint Center.
Main Photo: Shutterstock