A federal court recently indicted two Iranians in connection with ransomware attacks on Atlanta’s municipal system and many similar incidents all across the United States. We keep hearing new details of their activity, which clearly shows that even a single cryptovirological strain can wreak havoc. Moreover, it has proved once again that geographical distance is inconsequential for ransomware operators, since both attackers successfully launched hundreds of attacks from within their own country.
A 3-Year Ransomware Campaign
The US Deputy Attorney General Rod J. Rosenstein has revealed that the Iranian attackers launched nearly 200 attacks in their three-year campaign. They succeeded in extorting $6 million in ransom payments made for ransomware removal. Moreover, the affected entities incurred losses of around $30 million. These losses primarily entailed downtime and the expenses of ransomware removal and recovery measures. It’s worth mentioning that they used the SamSam ransomware strain throughout their campaign.
Among those hundreds of attacks, some are quite high-profile. Besides Atlanta’s municipal system, the attackers also hit six healthcare facilities in different states. Moreover, the cryptovirological attacks on Colorado’s Department of Transportation (January 2018) and the Port of San Diego (September 2018) are also being attributed to the Iranian SamSam operators.
Is the Campaign State-Sponsored?
US-Iran relations are almost always clouded with animosity. Therefore, law enforcement agencies have also talked about the possibility of the Iranian government’s involvement. The two attackers remain at large in their country, and there is no way to extradite them due to the strained diplomatic ties between the two countries.
2018: The Year of SamSam
If 2017 belonged to WannaCry, then it is safe to say that SamSam was the leading ransomware threat of this year. Both individual users and companies have borne the brunt, spending millions on SamSam ransomware removal and data recovery measures.