WASHINGTON (Reuters) – The United States on Wednesday indicted two Iranians for launching a major ransomware cyber attack known as “SamSam” and sanctioned two others for helping exchange the ransom payments from Bitcoin digital currency into rials.
The 34-month-long hacking scheme wreaked havoc on hospitals, schools, companies and government agencies, including the cities of Atlanta, Georgia, and Newark, New Jersey, causing over $30 million in losses to victims and allowing the alleged hackers to collect over $6 million in ransom payments.
The deployment of the SamSam ransomware represented some of the most high-profile cyber attacks that have occurred on U.S. soil, including one in 2016 that forced Hollywood Presbyterian Hospital in Los Angeles to turn away patients and one last year that shut down Atlanta courts and much of its city government.
The six-count indictment, unsealed Wednesday in the U.S. District Court for the District of New Jersey, charges Iran-based Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, with one count of conspiracy to commit wire fraud, one count of conspiracy to commit fraud related to computers, and other counts accusing them of intentionally damaging protected computers and illegally transmitting demands related to protected computers.
The Treasury Department, meanwhile, said it had sanctioned Ali Khorashadizadeh and Mohammad Ghorbaniyan for exchanging digital ransomware payments into rials.
Neither Khorashadizadeh nor Ghorbaniyan was named in the indictment, though the indictment appeared to reference their activities.
“The allegations in the indictment unsealed today—the first of its kind—outline an Iran-based international computer hacking and extortion scheme that engaged in 21st-century digital blackmail,” said Assistant Attorney General Brian Benczkowski, in announcing the criminal charges on Wednesday.
Reuters could not immediately locate the four Iranians named by the U.S. government, and it will likely be difficult to hold them accountable in a federal court because the United States does not have an extradition treaty with Iran.
However, Deputy Attorney General Rod Rosenstein told reporters at a press conference that he remains confident they might one day be brought to justice.
“These defendants are now fugitives from American justice,” Rosenstein said. “American justice has a long arm and we will wait and eventually, we are confident that we will take these perpetrators into custody.”
According to the Treasury, the SamSam ransomware scheme targeted more than 200 victims.
In addition to Atlanta and Newark, other victims cited by the Justice Department included healthcare companies such as Laboratory Corporation of America Holdings, the Colorado Department of Transportation, MedStar Health, the Port of San Diego and the Nebraska Orthopedic Hospital.
Reporting by Sarah N. Lynch; Additional reporting by Lisa Lambert, Makini Brice and Timothy Ahmann in Washington, Jim Finkle in New York and Babak Dehghanpisheh in Geneva; Editing by Susan Thomas