FBI Indicts SamSam Ransomware Suspects

Posted on the 17 December 2018 by Darkwebnews @darkwebnews

The U.S. and Canada recently fell victim to a severe cybercrime scheme that affected the operations of several critical networks in both countries.

The U.S. Federal Bureau of Investigation has filed an indictment accusing two men from Iran of masterminding the crime.

The two men allegedly launched ransomware against various organizations, including hospitals, public institutions and municipalities, to extort them.

The SamSam Ransomware Attack

The cybercriminals in this case have been using the SamSam ransomware to extort their victims.

These offenders have managed to infiltrate the computer networks of over 200 entities since 2015.

Some of the victims of this ransomware attack include the cities of San Diego, Newark and Atlanta, the University of Calgary, the Colorado Department of Transportation as well as six major healthcare centers.

According to U.S. Assistant Attorney General Brian A. Benczkowski, the hackers used the ransomware for blackmail purposes.

Once they launched SamSam, it would encrypt the organizations' files and data.

The hackers would then contact their victims and demand a virtual currency payment to restore their access to the networks.

They used Tor for anonymous communications and the dark web to keep their operation hidden.

Furthermore, these cybercriminals often launched their attacks outside the victims' office hours to make it more difficult for them to mitigate the threat.

They also encrypted the backups of the targets' computers.

The attackers would paralyze the victims' business operations and force them to fulfill their demands for ransom.

So far, they have successfully extorted more than $6 million in ransom and caused damages worth about $30 million.

The FBI Criminal, Cyber, Response and Services Branch Executive Director Amy Hess stated that the cybercrimes have been coming from Iran.

Hess referred to these crimes as a serious threat, considering the institutions they have been targeting.

However, Hess gave assurances that the FBI is developing more sophisticated methods of fighting these offenses as the cybercriminals upgrade their techniques.

The FBI investigated the cyberattack with the help of the West Yorkshire Police, Calgary Police Service, Royal Canadian Mounted Police along with the U.K. National Crime Agency.

Additionally, the Criminal Division's Office of International Affairs and the National Security Division of the Justice System aided the investigative team.

Hess is optimistic that the fight against these attacks will be successful with the collaboration between the law enforcement teams and the victims.

The aim is to bring these criminals to justice and dismantle the livelihoods they have built from the attacks.

The Indictment

The Justice Department unsealed an indictment in Newark, New Jersey on November 28. The federal grand jury in charge of the case returned the indictment.

The New Jersey DA, Craig Carpenito, charged Faramarz Shahi Savandi (34 years old) and Mohammad Mehdi Shah Mansouri (27 years old) with involvement in computer hacking and extortion using sophisticated malware.

There were six charges in total, including two conspiracy charges: one to commit computer-related fraud and the other to commit wire fraud.

The charges also included two counts of international computer damage and two more counts of making a demand related to the destruction of protected computers.

Based on the indictment, the suspects allegedly committed the crimes while in Iran. The two began these attacks in December 2015.

They took advantage of the vulnerabilities in their victims' networks.

Benczkowski reported that there has never been an indictment of this kind before.

The severity of these attacks has motivated the Criminal Division to be more relentless in the pursuit of cybercriminals that victimize Americans.

The indictment further provided details of the creation of the ransomware. The two men allegedly came up with SamSam in 2015.

In 2017, they improved the malware twice, the first time in July and the next in October.

The suspects purportedly used computer infrastructure from abroad to attack their victims. They further relied on Iranian Bitcoin exchanges.

The cybercriminals used highly sophisticated techniques.

These alleged criminals researched their victims online before launching their attacks. They masked these crimes as legitimate activity.

The last cyberattack by these criminals was on September 25.

The suspects are still in Iran. However, the indictment implies that U.S. law enforcement can arrest the suspects if they travel outside their home country.

The U.S., nonetheless, is working on other ways of bringing the suspects to justice.

Public Participation in Fighting Cybercrime

The FBI has encouraged the victims of cybercrime to file online complaints with the Internet Crime Complaint Center (IC3), which is responsible for reviewing claims and investigating criminal activity.

The IC3 works with law enforcement officers by sending information to aid them in investigating cyberattacks affecting their respective regions.

Hess also stated that the public could prevent these crimes by maintaining high levels of computer security.

According to Carpenito, the institutions that the criminals attacked were among the most susceptible targets.
