Accessibility links

Breaking News

U.S. Indicts Iranians For Multimillion-Dollar Ransomware Scheme

Sigal Mandelker, the U.S. Treasury's undersecretary for terrorism and financial intelligence

The United States has indicted two Iranian nationals for hacking and using malware as part of a ransomware scheme known as Samsam that U.S. officials said caused millions of dollars in damages.

The Justice Department said it had indicted Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, in a 34-month-long international computer hacking and extortion scheme that affected more than 200 victims, including hospitals and government agencies.

The Treasury Department said on November 27 it had sanctioned two other Iranian nationals, Ali Khorashadizadeh and Mohammad Ghorbaniyan, for exchanging digital ransomware payments into rials, the Iranian national currency.

“Treasury is targeting digital currency exchangers who have enabled Iranian cyberactors to profit from extorting digital ransom payments from their victims,” Treasury Undersecretary for Terrorism and Financial Intelligence Sigal Mandelker said in a statement.

"As Iran becomes increasingly isolated and desperate for access to U.S. dollars, it is vital that virtual currency exchanges, peer-to-peer exchangers, and other providers of digital currency services harden their networks against these illicit schemes,” Mandelker added.

The Justice Department said it had indicted Savandi and Mansouri for infecting data networks in 10 U.S. states and Canada with SamSam.

Victims included large U.S. cities such as Atlanta and other major public agencies, as well as health-care companies such as Laboratory Corporation of American Holdings, the Justice Department said.

Authorities said that the SamSam infections caused $30 million in losses and damages and that the hackers were able to make about $6 million.

Craig Carpenito, the U.S. attorney for New Jersey, said the scheme was a "dangerous escalation of cybercrime" because it targeted public institutions.

According to the indictment, Savandi and Mansouri created SamSam in late 2015. The two men are believed to be in Iran.

Earlier this year, the United States charged nine Iranians and an Iranian company for attempting to hack into dozens of universities in America, Europe, and East Asia, as well as government agencies.

With reporting by Reuters, AP, The Washington Post, and TechCrunch
  • 16x9 Image


    RFE/RL journalists report the news in 27 languages in 23 countries where a free press is banned by the government or not fully established. We provide what many people cannot get locally: uncensored news, responsible discussion, and open debate.