In the first case of its kind, the U.S. Justice Department announced charges Wednesday against two alleged Iranian cybercriminals who used malware to infect the computer networks of U.S. municipalities, hospitals and other organizations in a scheme to extort millions of dollars from the victims.
Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, are accused of creating and deploying a sophisticated malware known as SamSam Ransomware to forcibly encrypt data on the computer networks of more than 200 organizations and other victims in the United States and Canada. Savandi and Mansouri would then demand a ransom payment in the form of the virtual currency known as bitcoin in exchange for decryption keys for the encrypted data.
In all, the two allegedly received more than $6 million in extortion payments. Officials did not name the victims that made the payments Other victims that refused to pay ransom suffered more than $30 million in lost data.
The victims included state agencies, city governments and hospitals, including the City of Atlanta, the City of Newark, the Port of San Diego, the Colorado Department of Transportation, the University of Calgary in Calgary, Canada, and six U.S. public health related entities, according to the 26-page indictment.
Deputy Attorney General Rod Rosenstein announced the six-count indictment against Saandi and Mansouri. The two residents of Tehran remain at large and have been placed on the FBI’s wanted list. Officials said the pair have no known ties to the Iranian government.
The hacking and extortion scheme lasted nearly three years starting in January 2016. The investigation started when a victim of the scheme came forward, officials aid.
“Every sector of our economy is a target of malicious cyber activity,” Rosenstein said. “But the events described in this indictment highlight the urgent need for municipalities, public utilities, health care institutions, unviersities other public organizations to enhance their cyber security.”
Assistant Attorney General Brian A. Benczkowski said the indictment was the first ever “against criminal actors for deploying a for-profit- ransomware, hacking, and extortion scheme.
Benczkowsi said the Iranian hackers carefully targeted their victims. In one instance, a few days before attacking the network of Kansas Heart Hospital, “the defendants conducted online searches concerning the hospital and accessed its website,” he said.
In recent months, U.S. prosecutors have charged a number of Iranian hackers, some with ties to the Iranian government, with cybercrimes. In March, prosecutors charged nine Iranian hackers with penetrating the computer networks of hundreds of American and foreign universities and other institutions.
Ransomware has become a favorite tool of cybercriminals in recent years. According to a report by the cybersecurity firm Bitdefender, ransomware payments were expected to hit a record $2 billion in 2017.