U.S. DoJ charges Iranian duo over SamSam Ransomware activity

Pierluigi Paganini November 29, 2018

The U.S. DoJ charges two Iranian men over their alleged role in creating and spreading the infamous SamSam ransomware.

Two Iranian men, Faramarz Shahi Savandi (34) and Mohammad Mehdi Shah Mansouri (27) have been charged by DoJ for their role in creating and distributing the dreaded SamSam ransomware.

The duo faces six hacking and extortion-related charges, including conspiracy to commit wire fraud, intentional damage to a protected computer, conspiracy to commit fraud and related activity in connection with computers,  and transmitting a demand in relation to damaging a protected computer.

The two Iranians are accused to have developed the SamSam ransomware in December 2015 and have continuously improved it.

“Extorted the Victims for ransom payments in exchange for the decryption keys to unlock the compromised computers.” reads the DoJ indictment. 

“The defendants hacked, encrypted, and extorted more than 200 Victims, and collected more than $6 million in ransom payments. The Victims incurred additional losses exceeding $30 million resulting from the loss of access to their data.”

The hackers extorted over 200 organizations, including public institutions, municipalities, and hospitals, they have caused over $30 million in losses.

In March 2018, computer systems in the City of Atlanta were infected by ransomware, the cyber attack was confirmed by the City officials.

The ransomware infection has caused the interruption of several city’s online services, including “various internal and customer-facing applications” used to pay bills or access court-related information.

One of the latest attacks hit the port of San Diego in September,  the incident impacted the processing park permits and record requests, along with other operations.

In February, SamSam ransomware infected over 2,000 computers at the Colorado Department of Transportation (DOT), the DOT has shut down the infected workstations.

In August, Sophos security firm published a report the SamSam ransomware, its experts tracked Bitcoin addresses managed by the crime gang and discovered that crooks had extorted nearly $6 million from the victims since December 2015 when it appeared in the threat landscape.

“SamSam has earned its creator(s) more than US$5.9 Million since late 2015.
74% of the known victims are based in the United States. Other regions known to have
suffered attacks include Canada, the UK, and the Middle East.” reads the report published by Sophos.

“The largest ransom paid by an individual victim, so far, is valued at US$64,000, a
significantly large amount compared to most ransomware families.”

Sophos tracked the Bitcoin addresses reported in all the SamSam versions it has spotted and discovered that 233 victims paid an overall amount of $5.9 million, the security firm also estimated that the group is netting around $300,000 per month.

Prosecutors reported that Savandi and Mansouri used Iranian Bitcoin exchanges to exchange the cryptocurrency into Iranian rial.

The crooks used the Tor network to avoid being tracked, exports noticed that also encrypted data backups to prevent victims from recovering their encrypted files.

Authorities inserted the two Iranians in the FBI’s Cyber Most Wanted list.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – SamSam ransomware, Iranian hackers)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment