2 Iranians charged in ransomware ‘extortion plot’ against U.S. cities, hospitals

Breaking News Emails

Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.

By Minyvonne Burke

The U.S. indicted two Iranian citizens on charges that they carried out high-profile ransomware attacks against hospitals, municipalities and public institutions across the United States in what officials called a “high-tech, sophisticated extortion plot.”

Deputy Attorney General Rod Rosenstein said Wednesday that Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, are accused of hacking into computer systems and shutting them down until a ransom was paid. They collected more than $6 million in extortion payments in bitcoin, he said.

The two men allegedly gained access to the computer networks by using a form of ransomware they called SamSam, which Rosenstein said is a “malicious computer code that encrypts the victims’ computers and then holds the computer hostage.”

“Many of the victims were public agencies with missions that involved saving lives and performing other critical missions for the American people,” the deputy attorney general said.

Savandi and Mansouri were charged Wednesday with one count of conspiracy to commit wire fraud, one count of conspiracy to commit fraud and related activity in connection with computers, two counts of intentional damage to a protected computer and two counts of transmitting a demand in relation to damaging a protected computer.

The ransomware attacks, which began in December 2015, targeted the cities of Newark, New Jersey, and Atlanta. The attack on the Hollywood Presbyterian Medical Center in Los Angeles in February 2016 first raised the nation’s consciousness to this kind of cyberstrike.

Other targets of the malware attacks included Colorado’s Department of Transportation and hospitals in Illinois, Maryland, Nebraska, Kansas and North Carolina. There have been over 200 targets, prosecutors said. Damages amounted to more than $30 million.

The most recent attack was in September 2018, when Savandi and Mansouri allegedly gained access to the computer system at the Port of San Diego and demanded the corporation pay a Bitcoin ransom, according to the indictment.


We're not around right now. But you can send us an email and we'll get back to you, asap.


Log in with your credentials

Forgot your details?