Wednesday 28 November 2018

Two Iranian men charged with the ransomware attack that took down Atlanta

The US Treasury Department has placed bitcoin addresses on its sanctions list for the first time after two Iranian hackers were charged with extorting millions of dollars through them. The two addresses belonged to Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, who allegedly created the SamSam ransomware software. The Justice Department unsealed an indictment against both men today, alleging that they collected $6 million by targeting more than 200 victims — including the cities of Atlanta, Georgia, and Newark, New Jersey.
SamSam began infecting computers in 2015, and it’s been linked to expensive and temporarily devastating attacks on hospitals and infrastructure. Like other ransomware, SamSam encrypted users’ machines and ordered them to funnel money — sometimes tens of thousands of dollars — to a bitcoin account. The Treasury Department says the two accounts above processed over 7,000 transactions, although not all were necessarily related to SamSam.
In a press conference, US Attorney Craig Carpenito told reporters that Savandi and Mansouri “worked hard to identify the most vulnerable targets that they could,” and not just because they would be more likely to pay up. “Money is not their sole objective,” he claimed. “They’re seeking to harm our institutions and critical infrastructure. They’re trying to impact our way of life.”
One of Savandi and Mansouri’s most high-profile alleged crimes was an attack on Atlanta in March 2018. Major basic municipal functions were affected, including the ability to pay water bills or parking tickets, although Atlanta’s emergency services remained functional. Altogether, the Justice Department lists attacks in 43 US states.

No comments:

Post a Comment