US INDICTS IRANIANS OVER LINKS TO CYBER ATTACKS
▶ Hackers disabled systems until the owners paid ransoms in Bitcoin
The US Justice Department yesterday imposed sanctions on two Iranians it said had helped to exchange Bitcoin digital currency from ransom payments into Iranian rial.
It also charged two Iranian hackers involved in a ransomware conspiracy that netted them millions of dollars.
More than 7,000 transactions in Bitcoin were traced to two digital currency addresses operated by the first two men.
Naming them as Ali Khorashadizadeh and Mohammad Ghorbaniyan, the Treasury’s Office of Foreign Assets Control said the conspiracy involved the SamSam ransomware scheme, in which hackers targeted electronic systems at American hospitals, universities and government agencies, causing tens of millions of dollars in damages.
Their digital currency addresses are the first to be publicly attributed to persons on a US sanctions blacklist, Ofac said.
“Treasury is targeting digital currency exchangers who have enabled Iranian cyber actors to profit from extorting digital ransom payments from their victims,” said Treasury undersecretary for Terrorism and Financial Intelligence Sigal Mandelker.
“As Iran becomes increasingly isolated and desperate for access to US dollars, it is vital that ... providers of digital currency services harden their networks against these illicit schemes.”
Criminal ransomware activity encrypts data on mainframe-style systems. The conspirators then offer to decrypt the data in return for payment.
“Treasury will aggressively pursue Iran and other rogue regimes attempting to exploit digital currencies and cyber weaknesses to further their nefarious objectives,” Ms Mandelker said.
In a related action, the Justice Department indicted two other Iranians for infecting data networks with SamSam ransomware in the US, Britain and Canada since 2015. Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, both operating in Iran, used SamSam ransomware to hack into networks.
Their targets included US cities, Colorado’s transport department, a hospital and laboratory.
“The defendants’ objective allegedly was to prevent these victims from accessing or using data on the compromised computers, forcing them to shut down or dramatically curtail their operations,” the Justice Department said.
The defendants allegedly targeted more than 200 victims, and collected more than $6 million (Dh22.03m) in criminal proceeds. Victims incurred losses exceeding $30m because they were unable to access their data.
The charge says the men acted for personal profit, and were not government directed. Both men are thought to be in Iran and are considered fugitives from justice, US officials said.
The announcements came shortly before US Special Representative for Iran Brian Hook said he would today present evidence of Tehran’s transfer of arms to proxy groups and issue an update on the regime’s latest ballistic missile work.
“This display contains clear and tangible evidence that the Iranian regime is arming dangerous groups with advanced weapons, and spreading instability and conflict in the region, which poses a threat to international peace and security,” the State Department said.