0
1
U.S Charges Two Iranian Hackers for SamSam Ransomware Attacks
The Department of Justice announced Wednesday charges against two Iranian nationals for their involvement in creating and deploying the notorious SamSam ransomware.
The alleged hackers, Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah, 27, have been charged on several counts of computer hacking and fraud charges, the indictment unsealed today at New Jersey court revealed.
The duo used SamSam ransomware to extort over $6 million in ransom payments since 2015, and also caused more than $30 million in damages to over 200 victims, including hospitals, municipalities, and public institutions.
According to the indictment, Savandi and Mansouri have been charged with a total of six counts, including one count of conspiracy to commit wire fraud, one count of conspiracy to commit fraud and related activity in connection with computers, two counts of intentional damage to a protected computer, and two counts of transmitting a demand in relation to damaging a protected computer.
Since both hackers live in and operated from Iran, they have not yet been arrested by the United States authorities and the FBI has added them on their list of wanted hackers.
According to the indictment, Savandi and Mansouri created the first version of the SamSam Ransomware in December 2015 and created further refined versions of the threat in June and October 2017.
Unlike most ransomware infections, SamSam was not distributed in an unplanned way via spam email campaigns. Instead, the attackers chose potential targets and infected systems manually.
Attackers first compromised the RDP on a targeted system—either by conducting brute force attacks or using stolen credentials—and then attempted to strategically deploy SamSam throughout the network by exploiting vulnerabilities in other systems.
Once on the entire network, SamSam encrypts the system’s data and demands a huge ransom payment (usually more than $50,000 which is much higher than normal) in Bitcoin in exchange for the decryption keys.
Source :https://thehackernews.com/2018/11/samsam-ransomware-iranian-hackers.html
