US identifies and charges SamSam ransomware authors

In a wave of attacks spanning three years, the US government has charged the people behind it, but getting them in handcuffs won't be easy

hacking and ransomware

The US has identified and charged two Iranian men who it believes to be behind the SamSam ransomware attack that has run riot since 2015. The only issue is, US authorities don't have the jurisdiction to reprimand them at this time.

Believed currently to be in Tehran, the two men are out of US jurisdiction but the country's law enforcement is seeking alternative methods for their capture.

"Although the alleged criminal actors are in Iran and currently out of the reach of US law enforcement," the FBI said, the BBC reported, "they can be apprehended if they travel, and the United States is exploring other avenues of recourse."

"The allegations in the indictment unsealed today - the first of its kind - outline an Iran-based international computer hacking and extortion scheme that engaged in a 21st-Century digital blackmail," said US assistant attorney general Brian Benczkowski.

The ransomware attack is one of the most prevalent of its type in recent years, making headlines by holding up high-profile targets to their demands. American cities such as Atlanta, Indiana and New Mexico have been hit hard in particular, a hospital in Indiana was reduced to working by pen and paper earlier this year after their systems were hit by the attack. In 2016, a hospital in Hollywood was also forced to turn patients away and ultimately complied with the ransom demands and paid $17,000 in bitcoin.

It was misery in March 2018 for Atlanta which suffered a crippling attack on government systems. Five out of the 13 major government departments were reduced to pen and paper, including law enforcement who also lost a number of police records in the process. City council officials were resigned to sharing one clunky personal laptop between three, Reuters reports. How did they get access to so many systems? One researcher took to Twitter to highlight a glaring error.

When greeted with the splash page after the system has been infected, users are met with a lot of 'sorry' messages, presumably peppered to illicit a feeling of honesty, that the authors of the ransomware will actually pay up, which isn't generally advised.

The cost of the ransom increased exponentially as the years went by. At the start, the victim had two options, to pay 0.8 bitcoin for each infected PC or pay 4.5 bitcoin to get the decryption keys to all infected system's files. It later rose to 1.7 bitcoin for each system or 12 bitcoin for all, 40,000 in today's money. It's difficult to believe how long the SamSam project ran on, continually finding vulnerabilities that weren't properly patched.

It's reported to have made the authors hundreds of thousands of dollars; the US Treasury has also identified and is seeking capture of two Iranian men who helped convert the bitcoin into Iranian currency, the rial, after monitoring bitcoin wallet addresses associated with the outfit.

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Recommended

Best ransomware removal tools
Security

Best ransomware removal tools

17 Nov 2020
What are biometrics?
Security

What are biometrics?

27 Nov 2020
Black Friday's best antivirus deals
Security

Black Friday's best antivirus deals

27 Nov 2020
Veritas Access Appliance with IBM Spectrum® Protect
Server & storage

Veritas Access Appliance with IBM Spectrum® Protect

27 Nov 2020

Most Popular

46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020
macOS Big Sur is bricking some older MacBooks
operating systems

macOS Big Sur is bricking some older MacBooks

16 Nov 2020
Huawei Mate 40 Pro 5G review: A tragically brilliant Mate
Mobile Phones

Huawei Mate 40 Pro 5G review: A tragically brilliant Mate

26 Nov 2020