Iranian hackers have been charged by the U.S. in a cyberattack scheme that shut down the computer systems of U.S. hospitals, schools, universities, police departments and utility companies and forced them to pay million to regain control of their servers.
Hackers used ransomware called SamSam to lock files and computer systems, the BBC reported. The systems were only unlocked when the ransom fee was paid.
Two Iranians, Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, hit 230 victims who paid more than a combined $30 million to have their files unlocked. One victim, a hospital in Hollywood, was forced to turn away patients because of the attack.
A number of different government facilities fell victim to the attack in Atlanta, including the police department. A utility company in Atlanta was also infected.
The ransomware was also used against facilities in the UK and Canada.
“To execute the SamSam ransomware attack, cyber actors exploit computer network vulnerabilities to gain access and copy the SamSam ransomware into the network,” the FBI explained.
“Once in the network, these cyber actors use the SamSam ransomware to gain administrator rights that allow them to take control of a victim’s servers and files, without the victim’s authorization.
“The cyber actors then demand a ransom be paid in Bitcoin in order for a victim to regain access and control of its own network.”
Analysts said the ransomware was not particularly sophisticated. Rather, it was effective because the computer systems it was able to infect were poorly maintained and out of date.
The ransom money was paid in Bitcoin, a digital currency, to two separate “wallets” (accounts).
The U.S. Treasury imposed sanctions on two other Iranians, Ali Khorashadizadeh and Mohammad Ghorbaniyan, and their Bitcoin accounts for helping the attackers convert the ransom money from Bitcoin into Iranian currency.
The case marks the first time digital currency accounts were put under sanctions. As for the hackers themselves, the FBI stated:
“Although the alleged criminal actors are in Iran and currently out of the reach of US law enforcement, they can be apprehended if they travel, and the United States is exploring other avenues of recourse.”