US identifies and charges SamSam ransomware authors

The US government has charged the people behind a wave of attacks spanning three years, but getting them in handcuffs won't be easy

The US has identified and charged two Iranian men who it believes to be behind the SamSam ransomware attacks that have run riot since 2015. The only issue is that US authorities don't have the jurisdiction to apprehend them at this time.

Believed currently to be in Tehran, the two men are out of US jurisdiction, but US law enforcement is seeking alternative methods for their capture.

"Although the alleged criminal actors are in Iran and currently out of the reach of US law enforcement," the FBI said, the BBC reported, "they can be apprehended if they travel, and the United States is exploring other avenues of recourse."

"The allegations in the indictment unsealed today - the first of its kind - outline an Iran-based international computer hacking and extortion scheme that engaged in a 21st-Century digital blackmail," said US assistant attorney general Brian Benczkowski.


The ransomware is one of the most prevalent of its type in recent years, making headlines by holding high-profile targets to ransom. American cities such as Atlanta, Indiana and New Mexico have been hit particularly hard. A hospital in Indiana was reduced to working by pen and paper earlier this year after its systems were hit by the attack. In 2016, a hospital in Hollywood was also forced to turn patients away and ultimately complied with the ransom demands, paying $17,000 in bitcoin.

It was misery in March 2018 for Atlanta, which suffered a crippling attack on government systems. Five out of the 13 major government departments were reduced to pen and paper, including law enforcement, which also lost a number of police records in the process. City council officials were resigned to sharing one clunky personal laptop between three, Reuters reports. How did the attackers get access to so many systems? One researcher took to Twitter to highlight a glaring error.

When greeted with the splash page after the system has been infected, users are met with a lot of 'sorry' messages, presumably included to elicit a sense of honesty and suggest that the authors of the ransomware will actually deliver if the victim pays up, which isn't generally advised.

The cost of the ransom increased exponentially as the years went by. At the start, the victim had two options: pay 0.8 bitcoin for each infected PC, or pay 4.5 bitcoin to get the decryption keys to all infected systems' files. It later rose to 1.7 bitcoin for each system or 12 bitcoin for all, 40,000 in today's money. It's difficult to believe how long the SamSam project ran on, continually finding vulnerabilities that weren't properly patched.

It's reported to have made the authors hundreds of thousands of dollars. The US Treasury has also identified, and is seeking the capture of, two Iranian men who helped convert the bitcoin into Iranian currency, the rial, after monitoring bitcoin wallet addresses associated with the outfit.
