FBI: Ransomware Suspects Indicted
Iranian Men Charged with Deploying Damaging SamSam Ransomware
By CHIPS Magazine - November 29, 2018
Two Iranian men have been charged with deploying a sinister type of ransomware that crippled the operations of hospitals, municipalities, public institutions, and other critical networks in the United States and Canada, officials from the Department of Justice and the FBI announced Nov 28.

The FBI reported that beginning in 2015 and continuing until September 2018, SamSam ransomware infiltrated computer networks in Atlanta, Newark and San Diego, as well as those of major health care providers, the University of Calgary, and others. Once deployed, the malware encrypted data and files. The creators then demanded payment by virtual currency to restore access to affected systems, a crime Assistant Attorney General Brian A. Benczkowski called “21st century blackmail” during a press conference yesterday at the Department of Justice in Washington, D.C.

“The toll of these cyberattacks was staggering: more than 230 entities infected, $6 million in ransom payments extorted, and an estimated $30 billion in damages to the affected public and private institutions,” the FBI said.

“The actions highlighted today, which represent a continuing trend of cyber-criminal activity emanating from Iran, were particularly threatening, as they targeted public safety institutions, including U.S. hospital systems and governmental entities,” said Amy Hess, executive assistant director of the FBI’s Criminal, Cyber, Response, and Services Branch. “As cyber threats evolve and cyber criminals develop more sophisticated techniques, so do we.”

The case was investigated through a coordinated international effort between the FBI, the United Kingdom’s National Crime Agency and West Yorkshire Police, and Canada’s Calgary Police Service and Royal Canadian Mounted Police. Noteworthy assistance was provided by the Justice Department’s National Security Division and the Criminal Division’s Office of International Affairs. The courage and the cooperation of the ransomware victims were also critical to the successful investigation, the FBI said.

In the federal indictment unsealed in Newark, the U.S. Attorney for the District of New Jersey charged Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri with one count of conspiracy to commit wire fraud, one count of conspiracy to commit fraud and related activity in connection with computers, two substantive counts of intentional damage to a protected computer, and two substantive counts of transmitting a demand in relation to damaging a protected computer.

Although the alleged criminal actors are in Iran and currently out of the reach of U.S. law enforcement, they can be apprehended if they travel, and the United States is exploring other avenues of recourse, the FBI said.

Victims were infected with the ransomware via vulnerabilities found in common software and network access points. The FBI emphasized the importance of exercising good computer security and hygiene for individuals and corporations to prevent such vulnerabilities from occurring and escalating.

Victims of ransomware or other cybercrimes are encouraged to contact their local FBI field office and file a complaint online with the Internet Crime Complaint Center (IC3).

FBI Executive Assistant Director Amy Hess speaks at a November 28, 2018 press conference at the Department of Justice announcing charges against two Iranian men in connection with an international computer hacking and extortion scheme involving the deployment of sophisticated ransomware known as SamSam.
Wanted by the FBI: SAMSAM SUBJECTS - Conspiracy to Commit Fraud and Related Activity in Connection with Computers; Conspiracy to Commit Wire Fraud; Intentional Damage to a Protected Computer; Transmitting a Demand in Relation to Damaging a Protected Computer. FBI poster

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988