On Wednesday 28 November 2018, the United States Department of Justice announced charges against two Iranian nationals for their involvement in the SamSam ransomware attacks.
SamSam is ransomware whose operators break into networks with brute-force attacks on exposed credentials rather than by tricking users into running an attachment. It is estimated to have collected about $6 million in ransom payments in two and a half years, and the attacks are estimated to have caused more than $30 million in losses to victims. Victims are concentrated in the US, with others in Canada and elsewhere.
SamSam was normally delivered in targeted intrusions and deployed by hand on the compromised network, rather than through the mass email campaigns typical of most ransomware. Once the operators are inside the intended network, the malware encrypts files across its systems and the victims are told to pay to have them decrypted. The ransom demanded, reported at $500,000 in Bitcoin, is far higher than usual, which is why the attacks concentrated on large organisations with the means to pay.
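The article says only that the operators used brute-force attacks; in published analyses of SamSam the usual entry point was brute-forcing Remote Desktop (RDP) credentials on internet-exposed hosts, and the follow-on deployment by hand means the successful logon after the burst of failures is the moment that matters. The following Python is an added example, not taken from the article or from any investigation of SamSam, of the detection a defender would run over authentication logs: it flags a source address with a burst of remote logon failures inside a short window, lists the usernames tried, and marks whether the same address then logged on successfully. The log lines are constructed for the example and only loosely modelled on how a SIEM might flatten Windows Security events 4625 (failed logon) and 4624 (successful logon); the field names and thresholds are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not real data). LogonType 10 is RemoteInteractive
# (RDP); 3 is Network, which RDP with Network Level Authentication also yields.
SAMPLE_LOGS = """\
2018-11-20T02:14:01Z EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.7
2018-11-20T02:14:03Z EventID=4625 LogonType=10 TargetUserName=admin IpAddress=203.0.113.7
2018-11-20T02:14:05Z EventID=4625 LogonType=10 TargetUserName=backup IpAddress=203.0.113.7
2018-11-20T02:14:09Z EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.7
2018-11-20T02:14:12Z EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.7
2018-11-20T02:14:20Z EventID=4624 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.7
2018-11-20T08:30:00Z EventID=4625 LogonType=10 TargetUserName=jsmith IpAddress=198.51.100.20
2018-11-20T08:31:10Z EventID=4624 LogonType=10 TargetUserName=jsmith IpAddress=198.51.100.20
2018-11-20T09:00:00Z EventID=4625 LogonType=2 TargetUserName=jdoe IpAddress=-
"""

# Assumed flattened format: one event per line, key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"TargetUserName=(?P<user>\S+) IpAddress=(?P<ip>\S+)$"
)

# Only logons that arrive over the network are relevant to a remote brute force.
REMOTE_LOGON_TYPES = {"3", "10"}


def parse_events(text):
    """Parse flattened event lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "eid": m["eid"],
            "lt": m["lt"],
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Flag source IPs with >= threshold remote logon failures inside a sliding window.

    Returns {ip: {"failures": n, "users": [usernames tried], "success_after": bool}}.
    success_after is True when the same IP later produced a successful logon,
    which is the point at which an intruder can begin deploying tooling by hand.
    """
    events = sorted(events, key=lambda e: e["ts"])
    recent = defaultdict(deque)       # ip -> timestamps of failures inside the window
    failed_users = defaultdict(set)   # ip -> every username that failed from it
    findings = {}
    for e in events:
        if e["lt"] not in REMOTE_LOGON_TYPES or e["ip"] == "-":
            continue
        ip = e["ip"]
        if e["eid"] == "4625":
            q = recent[ip]
            q.append(e["ts"])
            failed_users[ip].add(e["user"])
            # Drop failures that fell out of the window (the newest entry always stays).
            while e["ts"] - q[0] > window:
                q.popleft()
            if len(q) >= threshold:
                findings[ip] = {
                    "failures": len(q),
                    "users": sorted(failed_users[ip]),
                    "success_after": False,
                }
        elif e["eid"] == "4624" and ip in findings:
            findings[ip]["success_after"] = True
    return findings


if __name__ == "__main__":
    for ip, info in detect_bruteforce(parse_events(SAMPLE_LOGS)).items():
        flag = "FOLLOWED BY SUCCESSFUL LOGON" if info["success_after"] else "no success yet"
        print(f"{ip}: {info['failures']} failures, users {info['users']} ({flag})")
```

In the constructed data 203.0.113.7 fails five times in eleven seconds against three account names and then logs in as administrator, so it is reported with `success_after` set; the single mistyped password from 198.51.100.20 stays below the threshold and the console (LogonType 2) failure is ignored. On a real estate the threshold and window should be tuned to the normal failure rate, and a flagged address with a later success warrants isolating the host rather than just resetting the password, since the hands-on deployment the article describes can begin immediately after that logon.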
Known victims include the Colorado Department of Transportation, the University of Calgary, Hollywood Presbyterian Medical Center, the City of Atlanta, the City of Newark, the Port of San Diego, Kansas Heart Hospital, MedStar Health, Nebraska Orthopedic Hospital, and Allscripts Healthcare Solutions Inc.
The hackers have been named as Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27. The pair have been charged with several counts of fraud and computer hacking offences.
Both men reside in Iran, so despite the charges the US Department of Justice has been unable to arrest them. They have been added to the FBI's list of most wanted cyber criminals.
Iran has no extradition treaty with the United States, so it is unlikely the two men will be extradited to face the charges in the US. However, because other countries do have extradition agreements with the US, the pair will be restricted in where they can travel and would be safer staying within Iran's borders.