A state grand jury in Atlanta on Wednesday became the latest to accuse two Iranian nationals of creating and deploying the "SamSam" ransomware that attacked city computer systems earlier this year in order to blackmail the local government for tens of thousands of dollars.
The indictment filed with the US District Court for the Northern District of Georgia charges Faramarz Savandi and Mohammed Mansouri with intentionally damaging Atlanta's proprietary computers. The cyber attack is a violation of the Computer Fraud and Abuse Act and threatens public health and safety, the US Attorney's Office said in a statement.
"In March 2018, a devastating ransomware attack disrupted the governance of the city of Atlanta and disrupted our community," said US attorney Byung J. "BJay" Pak in a statement.
The SamSam malware crippled several of the city's online services for more than a week. After the infection, the city courts' computers could not be used to bring cases to court. Residents were prevented from paying bills online; police officers were forced to write reports and book inmates by hand.
Pak's office claims it was Savandi and Mansouri who held 3,789 computers in the city hostage and demanded a ransom of six Bitcoin, approximately $51,000, in exchange for an encryption key that would restore access to the data.
In the end, the attack on the city caused "significant costs" and added "millions of dollars in losses," Pak's office said. However, these expenses did not include the demanded payout. The statement states, "The city of Atlanta has not paid the ransom."
Wednesday's charges against Savandi and Mansouri, both presumably resident in Iran, follow a federal jury indictment in New Jersey that was unsealed last week. In that case, the pair was charged by Deputy US Attorney General Rod Rosenstein with six computer attacks and fraud.
"The Iranian defendants allegedly used hacking and malware to cause losses of more than $30 million to more than 200 victims," Rosenstein said last week. "According to the indictment, hackers infiltrated computer systems in 10 states and Canada and then demanded payment, criminal activities harming state agencies, municipalities, hospitals, and countless innocent victims."
In court documents, the judiciary says Savandi and Mansouri have collected more than $6 million in ransom payments since SamSam was first launched in December 2015.
According to official figures, the two updated the malware twice in 2017.
Their first alleged target was a company in Mercer County, New Jersey, but the duo quickly began looking for software vulnerabilities in large public corporations, including the cities of Atlanta and Newark, New Jersey, the port of San Diego, the Transportation Department of Colorado, the Hollywood Presbyterian Medical Center in Los Angeles, and the University of Calgary in Alberta, Canada, among many others.
American lawyer Craig Carpenito of New Jersey accuses Savandi and Mansouri of having exploited the fact that "victims are dependent on their computer networks to serve the public, the sick and the injured without interruption."
Deputy Attorney General Brian Benczkowski called the New Jersey indictment "the first of its kind."
The indictment claims the men's hacking and blackmail scheme is part of a "continuing cybercrime trend emanating from Iran". It also states that Savandi and Mansouri used "Bitcoin Exchangers" from Iran and "used the computer infrastructure abroad for their attacks."
The same day that the indictment was filed in New Jersey, the US Treasury's Office of Foreign Assets Control added two Bitcoin addresses to its sanctions list for the first time in history.
The accounts included Ali Khorashadizadeh and Mohammad Ghorbaniyan, two Iran-based individuals, "who helped pay ransom payments for digital currencies (Bitcoin) against Iranian rials on behalf of Iranian malicious cyber players using the SamSam ransomware system."
"As Iran becomes increasingly isolated and desperate for dollars, it is crucial that financial exchange exchanges, peer-to-peer file sharing and other digital currency providers protect their networks against these illegal activities," said Sigal Mandelker, Secretary of State for Terrorism and Financial Espionage.
Finance ministers claim that, over the past five years, Khorashadizadeh and Ghorbaniyan settled more than 7,000 transactions through over 40 exchanges, including some in the USA. According to their statements, since 2013 they have essentially laundered around 6,000 Bitcoin worth millions of dollars.
The charges against Savandi and Mansouri are unlikely to lead to a trial of either man. Iran has no extradition treaty with the US. As Ryan Lucas of NPR reports, such charges are part of the US government's strategy to bring detailed, legally sound cases against foreign cyber-attackers, even though they are unlikely to end up inside a US courtroom.