Iranian Men Indicted for Deploying Ransomware to Extort Hospitals, Municipalities, and Public Institutions, Causing Over $30 Million in Losses


More of the immeasurable contributions of Muslim immigration.

A federal grand jury returned an indictment unsealed today in Newark, New Jersey charging Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, both of Iran, in a 34-month-long international computer hacking and extortion scheme involving the deployment of sophisticated ransomware, announced Deputy Attorney General Rod J. Rosenstein, Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division, U.S. Attorney Craig Carpenito for the District of New Jersey and Executive Assistant Director Amy S. Hess of the FBI.


The six-count indictment alleges that Savandi and Mansouri, acting from inside Iran, authored malware, known as “SamSam Ransomware,” capable of forcibly encrypting data on the computers of victims. According to the indictment, beginning in December 2015, Savandi and Mansouri would then allegedly access the computers of victim entities without authorization through security vulnerabilities, and install and execute the SamSam Ransomware on the computers, resulting in the encryption of data on the victims’ computers. These more than 200 victims included hospitals, municipalities, and public institutions, according to the indictment, including the City of Atlanta, Georgia; the City of Newark, New Jersey; the Port of San Diego, California; the Colorado Department of Transportation; the University of Calgary in Calgary, Alberta, Canada; and six health care-related entities: Hollywood Presbyterian Medical Center in Los Angeles, California; Kansas Heart Hospital in Wichita, Kansas; Laboratory Corporation of America Holdings, more commonly known as LabCorp, headquartered in Burlington, North Carolina; MedStar Health, headquartered in Columbia, Maryland; Nebraska Orthopedic Hospital now known as OrthoNebraska Hospital, in Omaha, Nebraska and Allscripts Healthcare Solutions Inc., headquartered in Chicago, Illinois.

According to the indictment, Savandi and Mansouri would then extort victim entities by demanding a ransom paid in the virtual currency Bitcoin in exchange for decryption keys for the encrypted data, collecting ransom payments from victim entities that paid the ransom, and exchanging the Bitcoin proceeds into Iranian rial using Iran-based Bitcoin exchangers. The indictment alleges that, as a result of their conduct, Savandi and Mansouri have collected over $6 million USD in ransom payments to date, and caused over $30 million USD in losses to victims.

“The Iranian defendants allegedly used hacking and malware to cause more than $30 million in losses to more than 200 victims,” said Deputy Attorney General Rosenstein. “According to the indictment, the hackers infiltrated computer systems in 10 states and Canada and then demanded payment. The criminal activity harmed state agencies, city governments, hospitals, and countless innocent victims.”

“The allegations in the indictment unsealed today—the first of its kind—outline an Iran-based international computer hacking and extortion scheme that engaged in 21st-century digital blackmail,” said Assistant Attorney General Benczkowski. “These defendants allegedly used ransomware to infect the computer networks of municipalities, hospitals, and other key public institutions, locking out the computer owners, and then demanded millions of dollars in payments from them. As today’s charges demonstrate, the Criminal Division and its law enforcement partners will relentlessly pursue cybercriminals who harm American citizens, businesses, and institutions, regardless of where those criminals may reside.”

“The defendants in this case developed and deployed the SamSam Ransomware in order to hold public and private entities hostage and then extort money from them,” said U.S. Attorney Carpenito. “As the indictment in this case details, they started with a business in Mercer County and then moved on to major public entities, like the City of Newark, and healthcare providers, like the Hollywood Presbyterian Medical Center in Los Angeles and the Kansas Heart Hospital in Wichita—cravenly taking advantage of the fact that these victims depend on their computer networks to serve the public, the sick, and the injured without interruption. The charges announced today show that the U.S. Attorney’s Office for the District of New Jersey will continue to act to disrupt such criminal acts, and identify those who are responsible for them, no matter where in the world they may seek to hide.”

“This indictment demonstrates the FBI’s continuous commitment to unmasking malicious actors behind the world’s most egregious cyberattacks,” said Executive Assistant Director Hess. “By calling out those who threaten American systems, we expose criminals who hide behind their computer and launch attacks that threaten our public safety and national security. The actions highlighted today, which represent a continuing trend of cyber criminal activity emanating from Iran, were particularly threatening, as they targeted public safety institutions, including U.S. hospital systems and governmental entities. The FBI, with the assistance of our private sector and U.S. government partners, are sending a strong message that we will work together to investigate and hold all criminals accountable.”

Savandi and Mansouri are charged with one count of conspiracy to commit wire fraud, one count of conspiracy to commit fraud and related activity in connection with computers, two substantive counts of intentional damage to a protected computer and two substantive counts of transmitting a demand in relation to damaging a protected computer.

According to the indictment, Savandi and Mansouri created the first version of the SamSam Ransomware in December 2015, and created further refined versions in June and October 2017. In addition to employing Iran-based Bitcoin exchangers, the indictment alleges that the defendants also utilized overseas computer infrastructure to commit their attacks. Savandi and Mansouri would also use sophisticated online reconnaissance techniques (such as scanning for computer network vulnerabilities) and conduct online research in order to select and target potential victims, according to the indictment. According to the indictment, the defendants would also disguise their attacks to appear like legitimate network activity.

To carry out their scheme, the indictment alleges that the defendants also employed the use of Tor, a computer network designed to facilitate anonymous communication over the internet. According to the indictment, the defendants maximized the damage caused to victims by launching attacks outside regular business hours, when a victim would find it more difficult to mitigate the attack, and by encrypting backups of the victims’ computers. This was intended to—and often did—cripple the regular business operations of the victims, according to the indictment. The most recent ransomware attack against a victim alleged in the indictment took place on Sept. 25, 2018.

This case was investigated by the FBI’s Newark Field Office. Senior Counsel William A. Hall Jr. of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) and Assistant U.S. Attorney and Chief of the Cybercrimes Unit Justin S. Herring of the District of New Jersey are prosecuting the case. The Department thanks its law enforcement colleagues at the National Crime Agency (UK), West Yorkshire Police (UK), Calgary Police Service (Canada), and the Royal Canadian Mounted Police. Significant assistance was provided by the Justice Department’s National Security Division and the Criminal Division’s Office of International Affairs.

Victims are encouraged to contact their local FBI field office and file a complaint online with the Internet Crime Complaint Center (IC3). The IC3 staff reviews complaints, looking for patterns or other indicators of significant criminal activity, and refers investigative packages of complaints to the appropriate law enforcement authorities in a particular city or region. The FBI provides a variety of resources relating to ransomware through the IC3, which can be reached at www.ic3.gov. For more information on ransomware prevention, visit: https://www.ic3.gov/media/2016/160915.aspx

Charges contained in an indictment are merely allegations, and the defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.


29 Comments
cylde
5 years ago

They will not be extradited and have been rewarded. The whole charade is an exercise in futility. Our government must get involved in a major way.

felix1999
5 years ago
Reply to  cylde

They should be stripped of citizenship and DEPORTED.

If I remember correctly, didn’t patients also DIE at these hospitals since doctors and nurses did not have access to online records unless this ransom was paid? Or am I thinking of a different situation?

aemoreira1981
5 years ago
Reply to  felix1999

You can’t deport someone not physically in the USA. Iran will never extradite them since the USA and Iran have no bilateral relations.

cylde
5 years ago
Reply to  felix1999

They never were present in the USA. It was done via the internet.

felix1999
5 years ago
Reply to  cylde

Ah, I missed that! Nothing will happen to them.

“The six-count indictment alleges that Savandi and Mansouri, acting from inside Iran, authored malware, known as “SamSam Ransomware,” capable of forcibly encrypting data on the computers of victims. “

ladywarrior
5 years ago
Reply to  cylde

…well, Ronnie Rosenstein had to make it look like he is actually doing his job instead of hounding President Trump and other Conservatives….

Snellville Bob
5 years ago
Reply to  ladywarrior

Yes I was surprised Rosenstein took time from his busy schedule of disposing of President Trump to do anything else. But note that the suspects are not in custody yet and are most likely hiding out in Iran.
The deepstate wins again.

David Grisez
5 years ago

The biggest problem with this investigation into ransomware cybercrime is the persons involved live in the Islamic Republic of Iran. These two men can not be extradited to the United States and no money can be recovered, since the United States does not have diplomatic relations with Iran. The only thing the United States can do is continue the economic sanctions against Iran. So this FBI investigation can only gather information on how this cybercrime happened and use this information to prevent cybercrime attacks from the country of Iran.

ladywarrior
5 years ago
Reply to  David Grisez

…why don’t we have hackers to break into Iran’s weapons systems, banks, and military facilities? Shut them down.

CharlieSeattle
5 years ago
Reply to  ladywarrior

If not in the works now, it should be.

volksnut
5 years ago

Allegations? They’re laughing all the way to the bank — What are we going to do? We aren’t exactly on any kind of ‘terms’ with Iran –

ladywarrior
5 years ago
Reply to  volksnut

…the only “term” I want with Iran is a few replaced ICBMs….take out the leaders and free the citizens….

volksnut
5 years ago
Reply to  ladywarrior

I agree – but it’s almost comical if so many innocent people hadn’t gotten screwed over – That they are going to try to go after these individuals – supposedly – when the only discourse we have with those psychopaths are threats.. When is this country going to catch up to the rest of the world when it comes to IT security ..

ladywarrior
5 years ago
Reply to  volksnut

True.
I have a correction to my post….I meant “well placed ICBMs” ….hate auto correction :0)

CharlieSeattle
5 years ago
Reply to  ladywarrior

Hmm, Salvation for the American people is revealed.

Alleged-Comment
5 years ago

I was just watching a video about an audiophile exhibit and marveled at all the technology and shiny new “stuff”, thousands of recordings and music and was thinking how this never happens in Mouslem countries.

There is just no way such technological advances could come out of these culturally backward retards who screw donkeys in their pastime when they are not busy raping boys, doing female genital mutilations, throwing sodomites off of roofs or beheading someone they don’t agree with.

movingwaters
5 years ago

There are many highly educated people in Iran. The government is set up to support terrorism overseas and tyranny in the homeland instead of providing a setting in which there would be economic development. But rest assured there are plenty of very educated Muslims in Iran and elsewhere. Most Iranians are not out to destroy Western institutions, but some are.

Alleged-Comment
5 years ago
Reply to  movingwaters

I heard most Iranians like America. It’s a shame the Muellers, er Mullahs took over.

movingwaters
5 years ago

True. Most Iranians want to be free from tyranny. Just a few decades ago they lived very modern lives.

Alleged-Comment
5 years ago

Your Negro was a sodomite. A liar and bumbling idiot. He was no “magical” Negro.

MuhamMUDTheFakeProphet
5 years ago

Projecting again Bashir?

movingwaters
5 years ago

If you want to end this sort of thing you make it a capital crime. It would be nice if the case could be heard by a military tribunal rather than in soft civil courts with Obama judges.

Tm.
5 years ago
Reply to  movingwaters

That’s right.

Tm.
5 years ago

Can these problems be stopped? Can these hackers be stopped? If the answer is no, then you cannot destroy that which you do not control.
Those who engage in such crimes, to disturb people, to cause people grief, and trouble, are they not aware of the negativity they are attracting to themselves? One knows how it goes with evil. People should think, and consider what they do.

ladywarrior
5 years ago

Maybe I missed it in the article….but I didn’t see where these two criminals were arrested or in custody….

Bill
5 years ago

They can indict Santa Claus, but arresting him is something else.
These guys are in Iran. They’ll probably get a medal from the government for their deeds.
Getting these guys here will take some doing, for sure.

volksnut
5 years ago
Reply to  Bill

They’d probably have a better chance of getting St. Nick. Better to locate where they are physically and send a ‘few’ tomahawks their way..

Bill
5 years ago

These are the guys that ‘PCMatic’ has been advertising they can stop. But extraditing the Iranians will not be easy for the Feds.

jerrys
5 years ago

We are an insane nation to be training our enemies in the ways to attack and destroy us. All muslims should be purged from the education system.

Could Iran be cut off from the internet entirely?
