The U.S. indicted two Iranians on Wednesday for launching a major ransomware cyber attack, known as “SamSam”, and sanctioned two others for exchanging the ransom payments from digital currency Bitcoin into Iranian rials.

The 34-month long hacking scheme targeted over 200 victims, including schools, companies, hospitals, and government agencies, including the cities of Atlanta, Georgia, and Newark, New Jersey. It caused over $30 million damage, with some hospitals having to turn away patients and the majority of Atlanta’s city government having to be shut down, and the alleged hackers collected ransoms of roughly $6 million.

Charges and sanctions

The six-count indictment, unsealed by the US District Court for New Jersey, charges Iran-based Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27 with one count of conspiracy to commit wire fraud, one count of conspiracy to commit fraud related to computers, and other counts accusing them of intentionally damaging protected computers and illegally transmitting demands related to protected computers.

Assistant Attorney General Brian Benczkowski said: “The allegations in the indictment unsealed today — the first of its kind — outline an Iran-based international computer hacking and extortion scheme that engaged in 21st-century digital blackmail.”

The Treasury Department also announced sanctions against Ali Khorashadizadeh and Mohammad Ghorbaniyan for exchanging the Bitcoin payments into rials. Neither were named in the indictment, although it did reference their activities.

What will happen next?

It is unlikely that any of them will be held accountable because the US does not have an extradition treaty with Iran, but Deputy Attorney General Rod Rosenstein is confident that eventually, the US will be able to catch them.

This is not likely to stop Iranian hackers, who often work at the behest of the Regime, from committing further cyber attacks against the US. Kimberly Goody, who manages financial crime analysis for cybersecurity firm FireEye, explained that at most, the SamSam hackers would take a break to modify their operations and make it more difficult to identify.

However, the bright spot is that the more the US learns about Iran’s cyber attacks, the better they can prevent against the next ones. Also, as the Iranian Regime is often ordering the hacks, further sanctions against the Regime will cut off their funding and decrease the likelihood of worse attacks.


While over 200 victims were identified, only 12 were named in the Justice Department’s indictment, including:

1. Atlanta

2. Newark

3. Laboratory Corporation of American Holdings

4. Allscripts Healthcare Solutions, Inc

5. The Colorado Department of Transportation

6. MedStar Health

7. San Diego Port

8. The University of Calgary

9. Nebraska Orthopedic Hospital

10. Mercer County Business

11. Hollywood Presbyterian Medical Centre

12. Kansas Heart Hospital

Source » ncr-iran