Pair Used Ransomware To Encrypt Important Data, Demanded Payments In Bitcoin In Order To Provide A Fix

NEWARK, NJ (CBSNewYork) – Two Iranian men have been indicted in what federal authorities say was a 34-month-long computer hacking and extortion scheme that targeted the computers of the City of Newark and dozens of other hospitals, municipalities, and public institutions.

The pair allegedly used sophisticated ransomware to collect $6 million in ransom payments and caused $30 million in losses to victims.

The six-count indictment alleges that Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, both of Iran, acting from inside their home country, created malware, known as “SamSam Ransomware,” that forcibly encrypted data on the computers of their victims.

READ: Savandi and Mansouri Indictment 11/26/18

According to the indictment, beginning in December 2015, Savandi and Mansouri would allegedly hack into the computers of victims to install and run the SamSam program, making it impossible for users to read their files.

Faramarz Shahi Savandi, Mohammad Mehdi Shah Mansouri (credit: Department of Justice)

Investigators say Savandi and Mansouri would then demand victims pay a ransom using the virtual crypto-currency Bitcoin in exchange for decryption keys to unlock the locked data. Once the ransom was paid, they would exchange the Bitcoin proceeds into Iranian currency using Iran-based Bitcoin exchange services.

The most recent alleged hack against a victim happened on Sept. 25.

Besides the City of Newark, the Department of Justice says other targets included the City of Atlanta, Georgia; the Port of San Diego, California; the Colorado Department of Transportation; the University of Calgary in Calgary, Alberta, Canada; and six health care-related entities: Hollywood Presbyterian Medical Center in Los Angeles; Kansas Heart Hospital in Wichita, Kansas; Laboratory Corporation of America Holdings, more commonly known as LabCorp, headquartered in Burlington, North Carolina; MedStar Health, headquartered in Columbia, Maryland; Nebraska Orthopedic Hospital, now known as OrthoNebraska Hospital, in Omaha, Nebraska; and Allscripts Healthcare Solutions Inc., headquartered in Chicago.

Savandi and Mansouri are charged with one count of conspiracy to commit wire fraud, one count of conspiracy to commit fraud and related activity in connection with computers, two substantive counts of intentional damage to a protected computer and two substantive counts of transmitting a demand in relation to damaging a protected computer.