SamSam locked hospitals, government, and school IT systems

Nov 28, 2018 19:26 GMT  ·  By

A grand jury has indicted two Iranian nationals for orchestrating the international SamSam ransomware operation, which was used to hold hostage a long list of private-sector and government computer systems.

Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri developed the SamSam ransomware in December 2015 and, starting in 2016, used it against specifically chosen targets, with the victim count climbing well above 200.

“The Iranian defendants allegedly used hacking and malware to cause more than $30 million in losses to more than 200 victims,” Deputy Attorney General Rosenstein said in the DoJ press release.

Moreover, “According to the indictment, the hackers infiltrated computer systems in 10 states and Canada and then demanded payment. The criminal activity harmed state agencies, city governments, hospitals, and countless innocent victims.”

The Iranian duo collected $6 million in ransoms

During a press conference held on November 28, Assistant Attorney General Brian A. Benczkowski said that the two defendants first researched their targets to improve their odds of compromising the systems. Once inside, they encrypted the victims' data and demanded ransoms in Bitcoin in exchange for the decryption keys.

Furthermore, the two defendants used Tor to anonymize their communications and struck after business hours, when fewer staff were on hand, to reduce the victims' chances of detecting and mitigating the attacks in time.

Over the years Savandi and Mansouri ran the SamSam operation, they collected more than $6,000,000 in ransoms, while their victims incurred losses exceeding $30,000,000.

"Savandi and Mansouri are charged with one count of conspiracy to commit wire fraud, one count of conspiracy to commit fraud and related activity in connection with computers, two substantive counts of intentional damage to a protected computer and two substantive counts of transmitting a demand in relation to damaging a protected computer," says DoJ's press release.