Two Iranian men were being sought by the FBI for what one official called “21st-century digital blackmail” that netted them more than $6 million while racking up over $30 million in losses to hospitals, municipalities and public agencies across North America.
Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, operated an international computer hacking and extortion racket for more than 2½ years, a grand jury indictment unsealed Wednesday morning in U.S. District Court in Newark charges.
Working from inside Iran, Savandi and Mansouri authored “SamSam Ransomware” that was “capable of forcibly encrypting data,” the indictment says.
After hacking their way into the computer systems of victims in 10 states and Canada, they installed and executed the ransomware, it says.
Savandi and Mansouri then extorted victims by demanding a ransom paid in Bitcoin in exchange for decryption keys, the federal indictment charges. They then converted the Bitcoin proceeds into Iranian money, it says.
“The defendants in this case developed and deployed the SamSam Ransomware in order to hold public and private entities hostage and then extort money from them,” U.S. Attorney Craig Carpenito said.
They began with a business in South Jersey, “then moved on to major public entities, like the City of Newark, and healthcare providers, like the Hollywood Presbyterian Medical Center in Los Angeles and the Kansas Heart Hospital in Wichita – cravenly taking advantage of the fact that these victims depend on their computer networks to serve the public, the sick, and the injured without interruption,” the U.S. attorney said.
More than 200 victims included:
- The city of Atlanta, GA;
- The city of Newark, NJ;
- The Port of San Diego;
- The Colorado Department of Transportation;
- The University of Calgary in Calgary, Alberta, Canada.
They also included six health care-related entities:
- Laboratory Corporation of America Holdings (more commonly known as LabCorp), headquartered in Burlington, NC;
- Hollywood Presbyterian Medical Center in Los Angeles, CA;
- Kansas Heart Hospital in Wichita, KA;
- MedStar Health, headquartered in Columbia, MD;
- Nebraska Orthopedic Hospital (now known as OrthoNebraska Hospital) in Omaha, NE;
- Allscripts Healthcare Solutions Inc., headquartered in Chicago.
Savandi and Mansouri are charged with conspiracy to commit wire fraud, conspiracy to commit fraud and related activity in connection with computers, causing intentional damage to a protected computer and transmitting a demand in relation to damaging a protected computer.
Federal authorities asked that anyone who information about them contact the local FBI office or the nearest American embassy or consulate.
The FBI’s Newark Field Office investigated the case, which is being prosecuted by Assistant U.S. Attorney Justin S. Herring (chief of the Cybercrimes Unit) and Senior Counsel William A. Hall Jr. of the Criminal Division’s Computer Crime and Intellectual Property Section.
The FBI thanked international law enforcement colleagues at the National Crime Agency (UK), West Yorkshire Police (UK), Calgary Police Service (Canada), and the Royal Canadian Mounted Police.
“Significant assistance was provided by the Justice Department’s National Security Division and the Criminal Division’s Office of International Affairs,” Carpenito added.
Click here to sign up for Daily Voice's free daily emails and news alerts.