The US Attorney’s Office for the District of Northern Georgia has made the latest announcement on the Atlanta ransomware attack. A federal grand jury has indicted two individuals, both identified as Iranians. They have been charged with masterminding and carrying out the ransomware attack that ravaged Atlanta’s systems in March 201 for about a week.
The perpetrators, Mohammed Mehdi Shah Mansouri and Faramarz Shahi Savandi, face legal proceedings for using the infamous SamSam ransomware. They are accused of infecting almost 4,000 workstations and servers belonging to the City of Atlanta, as well as of attempted extortion.
According to a spokesperson from the Justice Department, Mansouri (Qom, Iran) and Savandi (Shiraz, Iran) face charges of “intentional damage to protected computers… that caused losses exceeding $5,000, affected more than 10 protected computers, and that threatened the public health and safety,” which fall under the Computer Fraud and Abuse Act (CFAA).
Interestingly, this is nothing new for the Iran-based hackers. Earlier, they were charged in a separate case by the US District Court of New Jersey for their link to a different ransomware campaign, in which they reportedly succeeded in collecting the ransom.
The Atlanta attack has not been declared a state-sponsored one. It is believed that the cybercriminals targeted the city’s systems after finding a vulnerability in its security. The indictment explained that the hackers demanded a ransom of 6 Bitcoins in return for keys that would let City officials remove the ransomware. The hackers also demanded 0.8 Bitcoin to decrypt a single server. In the end, however, the City of Atlanta did not bow to their demands and decided against paying any money.