U.S. indicts 2 Iranians for extorting millions from governments, companies

Nov. 28 (UPI) -- Federal prosecutors said Wednesday two Iranian nationals have been indicted for hacking and fraud charges connected with so-called "SamSam" ransomware.

Typical ransomware would lock or encrypt files or systems of computers that are infected, allowing hackers to demand ransoms in exchange for returning control of the computers.

The grand jury indicted Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah, 27, on six counts as part of a nearly three-year-long international hacking scheme officials say extorted millions from companies and governments.

The Justice Department said the scheme began three years ago when the men took advantage of security vulnerabilities to install the SamSam ransomware remotely, encrypting data on victims' computers.

The indictment said Savandi and Shah extorted some $6 million from victims including the City of Atlanta, Los Angeles' Hollywood Presbyterian Medical Center, North Carolina-based LabCorp and Chicago-based Allscripts Healthcare Solutions. Prosecutors said total losses to those entities amounted to $30 million.

The indictment did not indicate if any paid the ransom.

"The Iranian defendants allegedly used hacking and malware to cause more than $30 million in losses to more than 200 victims," Deputy Attorney General Rod Rosenstein said in a statement. "The hackers infiltrated computer systems in 10 states and Canada and then demanded payment. The criminal activity harmed state agencies, city governments, hospitals, and countless innocent victims."

Rosenstein told reporters he hopes the indictments are a wake-up call to governments and similar business groups to back up all their files and enhance computer security systems.

Rosenstein said Savandi and Shah, who live in Iran, are fugitives and "American justice has a long arm."

"We are confident that we will take these perpetrators into custody."

He added that Savandi and Shah will face extradition if they're captured in another country "that honors the rule of law."

Assistant Attorney General Brian A. Benczkowski said there are no indications either suspect is tied to the government in Tehran.