Thank you, Deputy Attorney General Rosenstein.
Today we are announcing the first-ever indictment against
criminal actors for deploying a for-profit ransomware, hacking, and extortion
scheme.
According to the indictment, Faramarz Shahi Savandi and
Mohammad Mehdi Shah Mansouri, both operating in Iran, authored and deployed a
sophisticated, malicious software called the SamSam Ransomware to hack into the
networks and encrypt the computers of U.S. hospitals, schools, companies,
government agencies, and other entities.
Some of their victims included:
the City of Newark, New Jersey;
the Colorado Department of Transportation;
Nebraska Orthopedic Hospital;
the City of Atlanta;
LabCorp of America;
MedStar Health; and
the Port of San Diego.
The defendants’ objective allegedly was to prevent these
victims from accessing or using data on the compromised computers, forcing them
to shut down or dramatically curtail their operations. According to the indictment, the defendants
then extorted ransom payments from their victims by threatening otherwise to
delete the decryption keys needed to unlock the compromised computers.
For example, on May 28, 2016, the defendants allegedly
accessed the network of Kansas Heart Hospital and deployed the SamSam
Ransomware to encrypt the hospital’s computers. They then extorted the hospital
by demanding a ransom payment in Bitcoin in exchange for the decryption keys
for the compromised data.
According to the indictment, the defendants conducted online
searches concerning the hospital and accessed its website a few days before the
attack. This was just one alleged
example of the defendants’ efforts to select and target their victims.
The defendants did not just indiscriminately “cross their
fingers” and hope their ransomware randomly compromised just any computer
system. Rather, they deliberately
engaged in an extreme form of 21st-century digital blackmail, attacking and
extorting vulnerable victims like hospitals and schools, victims they knew
would be willing and able to pay.
In total, the defendants allegedly hacked and extorted more
than 200 victims, and collected more than $6 million in criminal proceeds. The victims also incurred additional losses
exceeding $30 million because they were unable to access their data.
The indictment unsealed today in the District of New Jersey
charges Savandi and Mansouri with:
conspiracy to commit fraud and related activity in connection with computers;
conspiracy to commit wire fraud;
intentional damage to a protected computer; and
transmitting a demand in relation to damaging a protected computer.
As a result of the indictment, the defendants are now
fugitives from justice. This case
demonstrates the Department of Justice’s commitment to identifying and
prosecuting cybercriminals, wherever they choose to base their operations. We will continue to work together with our
law enforcement partners, here in the United States and around the world, along
with victims, to gather evidence and build cases to ensure there are no safe
havens for cybercriminals to operate.
Most importantly—as you will hear in more detail from my
colleagues on the stage—we want to get the word out that every sector of our
economy is a potential target of malicious cyber activity. The events described in this indictment
highlight the need for businesses, healthcare institutions, universities, and
other entities to emphasize cyber security, increase threat awareness, and
harden their computer networks.
Before I turn it over to U.S. Attorney Craig Carpenito to
discuss the charges in more detail, I’d also like to extend my gratitude to:
the prosecutors in his office, and here in the Criminal Division’s Computer Crime and Intellectual Property Section, particularly Justin Herring and Bill Hall;
the team of FBI investigators;
the National Crime Agency (UK);
the West Yorkshire Police (UK);
the Calgary Police Service (Canada); and
the Royal Canadian Mounted Police, who together are responsible for helping us to build this important case.
Craig, over to you.
It’s great to be with you here today.