
Two Iranians indicted by US for SamSam

29 November 2018

Don't expect them to face jail-time

US federal prosecutors have indicted two Iranian officials for creating and deploying the SamSam ransomware, which exploits a deserialisation vulnerability in Java-based servers.

Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, were indicted by a federal grand jury in New Jersey on Monday on several counts of computer hacking and fraud charges. The case was unsealed Wednesday, shortly before a press conference announcing the charges by US deputy attorney general Rod Rosenstein.

SamSam has generated some $6 million in proceeds to date -- or 1,430 bitcoin at today's value. In a separate announcement, the Treasury said it had imposed sanctions against two Bitcoin addresses associated with the ransomware. The department said the two addresses processed more than 7,000 transactions used to collect ransom demands from victims.

The court heard how the Iranian defendants allegedly used hacking and malware to cause more than $30 million in losses to more than 200 victims. According to the indictment, the hackers infiltrated computer systems in ten states and Canada and then demanded payment. The criminal activity harmed state agencies, city governments, hospitals, and countless innocent victims.

One of the victims was the City of Atlanta, which was knocked offline earlier this year and spent a projected $2.6 million in recovery. "It was discovered that the city's computers had long been vulnerable to leaked exploits developed by the National Security Agency -- then stolen and leaked online for anyone to use."

Justice Department prosecutors say that the SamSam infections caused $30 million in losses and damages.

As Iranian nationals and residents, it’s unlikely that the two will ever face a court in the US, but the indictments serve as a “name and shame” effort employed by the Justice Department in recent years.

The indictments likely won’t result in extraditions or convictions but do make it difficult for the alleged ransomware authors to travel freely — running the risk of being detained in a country that has an extradition policy with the US.


Last modified on 29 November 2018