The US Justice Department announced that two Iranian hackers were behind an international computer hacking and extortion scheme. This scheme had also affected the Port of San Diego during September, disrupting its information technology systems.
On September 25, 2018 the Port of San Diego announced that a cyber attack had left it operating with limited functionality, affecting the Port’s services in the areas of park permits, public records requests, and business services.
The US Department of Justice subsequently published a press release on the matter, giving details on the two Iranian men behind the international computer hacking scheme. According to the Department, they have collected over $6 million USD in ransom payments to date and are indicted for deploying ransomware to extort hospitals, municipalities and public institutions, causing more than $30 million in losses.
A federal grand jury charged the two Iranian hackers, Faramarz Shahi Savandi, aged 34, and Mohammad Mehdi Shah Mansouri, aged 27, over a 34-month-long international computer hacking and extortion scheme involving the deployment of sophisticated ransomware known as ‘SamSam Ransomware’.
More specifically, the two hackers, acting from inside Iran, deployed the ‘SamSam Ransomware’, which encrypts data on the victims’ computers. Savandi and Mansouri created the first version of the ‘SamSam Ransomware’ in 2015 and refined it during 2017. The defendants also used overseas computer infrastructure to commit the attacks, employed online reconnaissance techniques such as scanning for computer network vulnerabilities, and conducted online research to select and target potential victims. They would also disguise their attacks to look like legitimate network activity.
The Justice Department further states that the hackers used Tor, a computer network designed to facilitate anonymous communication over the internet. The defendants maximized the damage by attacking outside regular business hours, when a victim would find it more difficult to mitigate the attack, and by encrypting backups of the victims’ computers.
After an attack, the two hackers would demand a ransom paid in the virtual currency Bitcoin in exchange for decryption keys for the encrypted data, collect ransom payments from victim entities that paid, and exchange the Bitcoin proceeds into Iranian rial using Iran-based Bitcoin exchangers.
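The two tactics described above, timing the encryption run for off-hours and reaching backup storage, are also what a defender can key detections on. The following is an added illustration, not code from the article, the indictment, or the SamSam operators: a small Python detector that groups file-rename events per host into five-minute windows, flags any window with a burst of renames, and raises the severity when the burst starts outside business hours or touches backup paths. The audit records, the business-hours definition, the rename threshold and the backup path markers are all constructed assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Tunables: assumptions for this example, not values from the article or the indictment.
BUSINESS_HOURS = range(8, 18)       # 08:00-17:59, Monday to Friday
RENAME_THRESHOLD = 25               # renames by one host within one window
WINDOW = timedelta(minutes=5)
BACKUP_MARKERS = ("backup", "\\bak\\", ".bak", ".vbk", "shadowcopy")  # assumed naming
EPOCH = datetime(2018, 1, 1)        # fixed reference so window keys are timezone-independent


def is_off_hours(ts):
    """True on weekends or outside BUSINESS_HOURS (the attacker's preferred time)."""
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS


def window_key(ts):
    """Index of the fixed five-minute window that contains ts."""
    return int((ts - EPOCH) / WINDOW)


def detect_bursts(events, threshold=RENAME_THRESHOLD):
    """events: iterable of (iso_timestamp, host, path, action) tuples.

    Returns one alert per (host, window) whose rename count reaches the threshold.
    A burst is rated 'high' if it starts off-hours or renames anything under a
    backup path, otherwise 'medium' (a daytime burst may be a legitimate bulk job).
    """
    buckets = defaultdict(list)
    for ts, host, path, action in events:
        if action != "rename":          # mass renaming is the encryption signature here
            continue
        t = datetime.fromisoformat(ts)
        buckets[(host, window_key(t))].append((t, path))

    alerts = []
    for (host, _), items in sorted(buckets.items()):
        if len(items) < threshold:
            continue
        start = min(t for t, _ in items)
        backups = sorted({p for _, p in items
                          if any(m in p.lower() for m in BACKUP_MARKERS)})
        off_hours = is_off_hours(start)
        alerts.append({
            "host": host,
            "start": start.isoformat(),
            "renames": len(items),
            "off_hours": off_hours,
            "backup_paths": backups,
            "severity": "high" if (off_hours or backups) else "medium",
        })
    return alerts


def constructed_events():
    """Made-up audit records (not from any real incident).

    Tuesday 2018-09-25, 02:00: fs01 renames 60 files in three minutes, including
    three files on a backup share. During the day ws07 renames a few spreadsheets
    at a normal pace, and fs01 has one unrelated read.
    """
    ev = []
    t0 = datetime(2018, 9, 25, 2, 0)
    for i in range(60):
        path = f"D:\\Shares\\Permits\\doc{i}.docx.encrypted"
        if i % 20 == 0:
            path = f"E:\\Backup\\nightly\\set{i}.vbk.encrypted"
        ev.append(((t0 + timedelta(seconds=3 * i)).isoformat(), "fs01", path, "rename"))
    t1 = datetime(2018, 9, 25, 10, 0)
    for i in range(10):
        ev.append(((t1 + timedelta(minutes=7 * i)).isoformat(), "ws07",
                   f"C:\\Users\\jo\\report{i}.xlsx", "rename"))
    ev.append((datetime(2018, 9, 25, 2, 1).isoformat(), "fs01",
               "D:\\Shares\\readme.txt", "read"))
    return ev


if __name__ == "__main__":
    for alert in detect_bursts(constructed_events()):
        print(alert)
```

The fixed-window bucketing is deliberately simple so the logic is easy to audit; a production rule would use a sliding window and also watch for deletion of shadow copies and backup catalogues, since encrypting or destroying backups is what turns a recoverable incident into a ransom decision.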
Savandi and Mansouri are charged with one count of conspiracy to commit wire fraud, one count of conspiracy to commit fraud and related activity in connection with computers, two substantive counts of intentional damage to a protected computer, and two substantive counts of transmitting a demand in relation to damaging a protected computer.
The victims include the City of Atlanta, Georgia; the City of Newark, New Jersey; the Port of San Diego, California; the Colorado Department of Transportation; the University of Calgary in Calgary, Alberta, Canada and six health care-related entities.