After New Jersey Indictment, Georgia Adds Charges Against Iranian 'SamSam' Hacke : NPR

Georgia Charges Iranians In Ransomware Attack On Atlanta
December 5, 2018 9:15 PM ET
Vanessa Romo
Image caption: The two men face federal charges of infecting Atlanta's computers with their SamSam ransomware. The suspects have previously been charged in a similar scheme in New Jersey. (Jose Luis Magana/AP)
A federal grand jury in Atlanta on Wednesday became the latest to indict two Iranian nationals on charges of creating and deploying the "SamSam" ransomware that attacked vital city computer systems earlier this year in an attempt to extort tens of thousands of dollars from the local government.
The indictment, filed in the U.S. District Court for the Northern District of Georgia, charges Faramarz Savandi and Mohammed Mansouri with intentional damage to Atlanta's protected computers. The cyberattack is a violation of the Computer Fraud and Abuse Act and threatened public health and safety, the U.S. Attorney's office said in a statement.
"In March 2018, a devastating ransomware attack interrupted City of Atlanta government functions and disrupted our community," U.S. Attorney Byung J. "BJay" Pak said in a statement.
The SamSam malware crippled several city online services for more than a week. After becoming infected, municipal court computers were unable to pull up cases; residents were blocked from paying bills online; and police officers were forced to revert to writing reports and booking inmates by hand.
Pak's office alleges it was Savandi and Mansouri who held 3,789 of the city's computers hostage, demanding a six bitcoin ransom payment — valued at about $51,000 at the time — in exchange for delivering an encryption key that would restore access to the data.
In the end, the attack caused the city "to incur substantial expenses" and inflicted "millions of dollars in losses," Pak's office said. But those expenses did not include the demanded payoff. The statement noted, "The City of Atlanta did not pay the ransom."
Wednesday's charges against Savandi and Mansouri — both believed to reside in Iran — follow a federal grand jury indictment in New Jersey that was unsealed last week. In that case, the pair were charged with six counts of computer hacking and fraud by U.S. Deputy Attorney General Rod Rosenstein.
"The Iranian defendants allegedly used hacking and malware to cause more than $30 million in losses to more than 200 victims," Rosenstein said last week. "According to the indictment, the hackers infiltrated computer systems in 10 states and Canada and then demanded payment. The criminal activity harmed state agencies, city governments, hospitals, and countless innocent victims."
In court documents, the Justice Department claims that Savandi and Mansouri have collected more than $6 million in ransom payments since they first launched SamSam in December 2015.
Officials said the two made updates to the malware twice in 2017.
Their first alleged target was a business in Mercer County, N.J., but the duo quickly moved on to prey on software vulnerabilities within major public entities, including the cities of Atlanta and Newark, N.J., the Port of San Diego, the Colorado Department of Transportation, Hollywood Presbyterian Medical Center in Los Angeles and the University of Calgary in Alberta, Canada, among many others.
New Jersey U.S. Attorney Craig Carpenito accused Savandi and Mansouri of "cravenly taking advantage of the fact that these victims depend on their computer networks to serve the public, the sick, and the injured without interruption."
Assistant Attorney General Brian Benczkowski called the New Jersey indictment "the first of its kind."
The indictment alleges the men's hacking and extortion scheme is part of a "continuing trend of cyber criminal activity emanating from Iran." It also states Savandi and Mansouri employed "Iran-based bitcoin exchangers" and that they "utilized overseas computer infrastructure to commit their attacks."
The same day the New Jersey indictment was filed, the U.S. Treasury Department's Office of Foreign Assets Control placed two bitcoin addresses on its sanctions list for the first time in history.
The accounts belonged to Ali Khorashadizadeh and Mohammad Ghorbaniyan, two Iran-based individuals, "who helped exchange digital currency (bitcoin) ransom payments into Iranian rial on behalf of Iranian malicious cyber actors involved with the SamSam ransomware scheme," the department said in a statement.