The renowned auditing and consulting firm PwC has revealed that Iranian citizens were involved in one of the most famous ransomware cases. The firm believes that they masterminded the SamSam ransomware during its link with WEX.
This information draws on an earlier disclosure by the US Department of Justice (DOJ). According to a DOJ spokesperson, Mohammad Mehdi Shah Mansouri and Faramarz Shahi Savandi are the hackers who designed SamSam, one of the most infamous ransomware strains. SamSam is known for extorting money through huge ransom demands payable in Bitcoin.
In the past, SamSam devastated government institutions, conglomerates, educational institutions, and healthcare institutions as it spread rapidly throughout the world. It is believed that in less than 35 months, the cybercriminals were able to collect $6 million in ransom and caused losses of $30 million.
According to the US Treasury’s Office of Foreign Assets Control (OFAC), there were two more culprits: Mohammad Ghorbaniyan and Ali Khorashadizadeh. So far, they are suspected of operating the cryptocurrency exchange in Iran that was key to assisting Mansouri and Savandi in their nefarious plans of BTC exchange.
PwC's judgment was based on considerable evidence. The firm went through multiple cryptocurrency wallet addresses. The U.S. government also sent them incriminating emails. In the end, PwC concluded that Ghorbaniyan and Khorashadizadeh may both have something to do with WEX.
A few years back, the WEX exchange was popularly known as “BTC-e”. In late 2017, however, it rebranded itself. The rebranding came for a reason: in July 2017, the firm was entangled in a money laundering inquiry. According to PwC, BTC-e triggered the exchange of $1.9 million for SamSam.
BTC-e is notorious for money laundering, with about $4 billion laundered through it. It is also linked with about 95 percent of all ransomware payments from 2014 to 2017, which cybercriminals used it for to convert their “winnings” into money.
PwC also referred to another investigation. According to that investigation, the Bitcoin transactions are connected with Russia’s Main Intelligence Directorate of the General Staff (GRU). In 2018, news outlets highlighted that individuals from the GRU and BTC-e are no petty criminals and may have played an important role in an infamous cyber espionage hacking organization. This group goes by the name of Fancy Bear.
Interestingly, Alexander Vinnik, the rumored operator of BTC-e, was arrested by police in July 2017. The DOJ charged him with money laundering and fraud. Human rights professionals from Russia are seeking Vinnik's extradition so that he can be returned home.