Serviceteam IT Security News
The hacking and extortion scheme took place over a 34-month period with the SamSam ransomware affecting over 200 organizations in the US and Canada

The United States Department of Justice (DOJ) unsealed indictments against two alleged Iranian hackers accused of being the miscreants behind the infamous SamSam ransomware attacks.

The six-count indictment named Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, both Iranian nationals, as being responsible for a computer hacking and extortion scheme that affected over 200 organizations, including hospitals and government agencies, in the US and Canada for almost three years.

According to the court document, the DOJ estimates that the alleged hackers amassed around $6 million from ransom payments, while at the same time causing just over $30 million in damages as a result of the attacks.

Some of the most notable cases involved attacks on the city of Atlanta, the city of Newark, the Port of San Diego and the Kansas Heart Hospital.

“The allegations in the indictment unsealed today—the first of its kind—outline an Iran-based international computer hacking and extortion scheme that engaged in 21st-century digital blackmail,” said Assistant Attorney General Brian A. Benczkowski in a statement. “These defendants allegedly used ransomware to infect the computer networks of municipalities, hospitals, and other key public institutions, locking out the computer owners, and then demanded millions of dollars in payments from them”.

The indictment revealed that Savandi and Mansouri were charged with “one count of conspiracy to commit wire fraud, one count of conspiracy to commit fraud and related activity in connection with computers, two substantive counts of intentional damage to a protected computer and two substantive counts of transmitting a demand in relation to damaging a protected computer”.

In a press conference, US Attorney Craig Carpenito was quoted by The Verge as telling reporters that Savandi and Mansouri “worked hard to identify the most vulnerable targets that they could,” and that they were not solely motivated by money; rather, “they’re seeking to harm our institutions and critical infrastructure. They’re trying to impact our way of life.”

