US indicts Iranians over hospital ransomware attacks
WASHINGTON — The US Justice Department charged two Iranian hackers on Wednesday with extorting at least $6 million from hospitals, city governments and public institutions in the US and Canada by remotely locking down their computer systems.
The DOJ said Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri deployed the SamSam ransomware into the systems of more than 200 institutions, encrypting their operations to make them inaccessible until the owners paid ransoms in bitcoin.
Victims included the city governments of Atlanta, Georgia and Newark, New Jersey, the University of Calgary in Canada, US hospitals in Los Angeles and Kansas City, and Laboratory Corporation of America, or LabCorp, one of the world’s largest medical testing businesses.
“The hackers infiltrated computer systems in 10 states and Canada and then demanded payment. The criminal activity harmed state agencies, city governments, hospitals, and countless innocent victims,” said Deputy Attorney General Rod Rosenstein.
The six-count indictment said the two men — who are still in Iran — began in December 2015 to hack into target computer systems to install the SamSam malware.
Once the malware was executed, it would encrypt all of the data on the victims’ computers, and electronic notes would be left behind telling administrators how to pay a ransom to have their data unlocked.
When the city of Atlanta was hit, government computers serving a population of a half-million were crippled for six days in March 2018. People could not pay bills and businesses could not receive payments.
The demanded payments were usually relatively small, making it easier for some executives to decide to pay. The Indiana hospital Hancock Health paid four bitcoin — $55,000 at the time — in January 2018 to get its systems unfrozen.
“The defendants did not just indiscriminately ‘cross their fingers’ and hope their ransomware randomly compromised just any computer system,” said Assistant Attorney General Brian Benczkowski.
“Rather, they deliberately engaged in an extreme form of 21st-century digital blackmail, attacking and extorting vulnerable victims like hospitals and schools, victims they knew would be willing and able to pay.”