The Justice Department on Wednesday unsealed charges against two Iranian hackers that the department believes used ransomware to attack more than 200 victims, including U.S. hospitals and government agencies.
The defendants, Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, are not in custody and may still be in Iran.
“According to the indictment, the hackers infiltrated computer systems in 10 states and Canada and then demanded payment,” Deputy Attorney General Rod Rosenstein said at a press conference at the Justice Department headquarters in Washington. “The criminal activity harmed state agencies, city governments, hospitals, and countless innocent victims.”
The 25-page, six-count indictment was unsealed in Newark, N.J., and revealed that the hackers used the scheme for personal profit, not for government gain.
The two Iranians collected more than $6 million in ransom, and damage exceeded $30 million, federal officials said.
Savandi and Mansouri, acting from inside Iran, authored malware known as “SamSam Ransomware.”
They allegedly used the ransomware, beginning in December 2015 and ending this month, to target vulnerable computer systems and forcibly encrypt data. The victims of the attacks were then locked out of their systems.
The two extorted the targets by demanding to be paid a ransom in Bitcoin, in exchange for a key to get back into their systems.
According to officials, this is the first time federal prosecutors are charging hackers with using ransomware with Bitcoin exchanges.
Savandi and Mansouri are charged with one count of conspiracy to commit wire fraud, one count of conspiracy to commit fraud and related activity in connection with computers, two substantive counts of intentional damage to a protected computer and two substantive counts of transmitting a demand in relation to damaging a protected computer.
According to the indictment, the defendants would also disguise their attacks to appear like legitimate network activity.
The best-known assault was on the city of Atlanta in March, which crippled its computer systems citywide.
Atlanta refused to pay the ransom of $51,000, and city taxpayers have reportedly spent nearly $9.5 million recovering from the attack.
Other victims included the city of Newark; the Port of San Diego in California; the Colorado Department of Transportation and the University of Calgary in Calgary, Alberta, Canada.
There were also six healthcare-related entities attacked: Hollywood Presbyterian Medical Center in Los Angeles; Kansas Heart Hospital in Wichita; Laboratory Corporation of America Holdings in Burlington, North Carolina; MedStar Health in Columbia, Maryland; Nebraska Orthopedic Hospital in Omaha and Allscripts Healthcare Solutions Inc., in Chicago.

