The U.S. Justice Department recently announced the indictment of two Iranians involved in a high-profile Bitcoin ransomware attack.
Iranian Hackers Collect Bitcoin as Ransom
According to a report by The Washington Post, the Justice Department of the United States on Wednesday (November 28) announced the indictment of two Iranian nationals involved in cryptocurrency ransomware attacks, dating back to 2015.
Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, Iranian residing in Iran, were the masterminds of the SamSam ransomware attack. The pair infected data in the U.S, United Kingdom, and Canada as far back as 2015.
Part of the hackers’ targets included places in the United States such as Newark, Atlanta, the port of San Diego, the Transportation Department in Colorado, a medical laboratory, and a hospital. According to the Justice Department, the defendants targeted vulnerable computers and instilled ransomware, preventing victims from gaining access.
Consequently, the hackers asked victims to pay a ransom in Bitcoin to gain access or risk losing important data. According to the charges, the Iranian nationals extorted over 200 victims, with the scheme generating over $6 million. The victims also incurred financial damages worth $30 million.
Another pair of Iranians also based in Iran, Ali Khorashadizadeh and Mohammad Ghorbaniyan, was responsible for converting the ransom Bitcoin payments into the Iranian riyal. The U.S. Treasury noted that over 7,000 Bitcoin transactions were trailed to the cryptocurrency addresses of both men.
The Treasury’s Office of Foreign Assets Control (OFAC) stated that this was the first time that virtual currency addresses were linked to individuals on a U.S. sanctions blacklist.
Sigal Mandelker, Treasury under-secretary for terrorism and financial intelligence, said that the department is focusing on Iranian hackers who are out to extort victims. Mandelker also warned cryptocurrency exchanges and P2P exchangers to increase security as Iranians are desperate to get US dollars.
The indictment charges, however, did not state that Savandi and Mansouri acted on behalf of the Iranian government.
State Sponsored Cryptocurrency Cybercrime
Countries like North Korea are notorious for carrying out cyber-attacks on some cryptocurrency exchanges. A North Korean hacker group known as Lazarus, is well-known for its numerous attacks on virtual currency exchanges and fintech companies.
In August, the group released a malware known as “Applejeus” which an employee of an anonymous cryptocurrency exchanged unknowingly downloaded. Also, reports revealed Lazarus was responsible for high-profile attacks on exchanges including CoinCheck, Bithumb, Yapizon, Coinis, and YouBit.
Also, after U.S. President Donald Trump re-imposed sanctions on Iran, officials announced that the Islamic country could retaliate with cyber attacks.
In the face of strict U.S sanctions on Iran and North Korea, the countries are faced with economic hardship. In a bid to circumvent sanctions, both countries have attempted to launch their cryptocurrency and organized state-sponsored cybercrime.
Image courtesy of Shutterstock.