A federal grand jury on Wednesday charged two Iranian nationals for their involvement in an international hacking scheme in which they used sophisticated malware to extort ransom payments from victims, the Department of Justice announced.
Authorities allege that Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri carried out the 34-month hacking campaign that caused over $30 million in damages by using ransomware known as “SamSam,” according to the unsealed six-count indictment.
The hackers, whom the DOJ says acted from inside Iran, allegedly breached the computer systems of hospitals, state agencies, city governments and municipalities, along with other public institutions.
The DOJ identified more than 200 victims, including the city of Atlanta, the city of Newark, the Port of San Diego, the Colorado Department of Transportation as well as six health-care related entities that include the Kansas Heart Hospital in Wichita, Kan., and MedStar Health, headquartered in Columbia, Md.
Deputy Attorney General Rod Rosenstein, who made the announcement of charges, stated that the hackers hijacked computers of places like hospitals and health-care providers — entities that are carrying out life-saving services — because they knew it would maximize their chances of getting paid the ransom.
“The conspirators collected more than $6 million in extortion payments and caused more than $30 million in losses,” Rosenstein said. “Many of the victims were public agencies with missions that involve saving lives and performing other critical functions for the American people.”
According to the indictment, the hackers would also disguise their attacks to look like legitimate computer activity.
The No. 2 DOJ official also used the announcement to highlight the challenges law enforcement officials face when trying to track hackers and other criminals who are using encrypted services to communicate. The two Iranian hackers allegedly used Tor, a computer network that helps individuals communicate anonymously online.
Rosenstein said the encrypted communication devices make it easier for these individuals to evade detection.