Iranian Ransomware Suspects Charged and At-Large

This week, the Federal Bureau of Investigation (FBI) announced that it had charged two men in connection with a ransomware attack that impacted certain regional computer networks between 2015 and 2018.

Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, both Iranian nationals, used the SamSam ransomware and “infiltrated computer networks in Atlanta, Newark, and San Diego, as well as those of major health care providers, the University of Calgary, and others,” according to the FBI.

Once the software had successfully gained access to the networks in question, it would encrypt users’ data, demand payment before the perpetrators would restore access, and threaten permanent loss of data if the payment was not made. Assistant Attorney General Brian A. Benczkowski called the practice “21st century blackmail.”

The attacks affected more than 230 entities, with the perpetrators able to extort more than $6 million from victims, while causing “an estimated $30 billion in damages to the affected public and private institutions.”

Both men were charged with “one count of conspiracy to commit wire fraud, one count of conspiracy to commit fraud and related activity in connection with computers, two substantive counts of intentional damage to a protected computer, and two substantive counts of transmitting a demand in relation to damaging a protected computer.”

According to the FBI, however, both men are in Iran “and currently out of the reach of U.S. law enforcement,” though “they can be apprehended if they travel, and the United States is exploring other avenues of recourse.”

The FBI also directed agency CISOs and private sector CEOs to additional information on ransomware prevention and response, noting that law enforcement agencies have witnessed “an increase in these types of cyber attacks, particularly against organizations because the payoffs are higher.”

“These criminals have evolved over time and now bypass the need for an individual to click on a link,” said FBI Cyber Division Assistant Director James Trainor. “They do this by seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers.”

Posted in The Takedown

Copyright 2018
Hosted by Peak Media Company, LLC