US identifies and charges SamSam ransomware authors

After a wave of attacks spanning three years, the US government has charged the people it believes are behind them, but getting them in handcuffs won't be easy


The US has identified and charged two Iranian men it believes to be behind the SamSam ransomware attacks that have run riot since 2015. The only issue is that US authorities currently have no jurisdiction to apprehend them.

Currently believed to be in Tehran, the two men are out of US jurisdiction, but the country's law enforcement is seeking alternative means of capturing them.

"Although the alleged criminal actors are in Iran and currently out of the reach of US law enforcement," the FBI said, the BBC reported, "they can be apprehended if they travel, and the United States is exploring other avenues of recourse."

"The allegations in the indictment unsealed today - the first of its kind - outline an Iran-based international computer hacking and extortion scheme that engaged in a 21st-Century digital blackmail," said US assistant attorney general Brian Benczkowski.

The ransomware is one of the most prevalent of its type in recent years, making headlines by extorting high-profile targets. Atlanta, Indiana and New Mexico have been hit particularly hard: a hospital in Indiana was reduced to working with pen and paper earlier this year after its systems were infected. In 2016, a hospital in Hollywood was also forced to turn patients away and ultimately complied with the ransom demand, paying $17,000 in bitcoin.

It was misery in March 2018 for Atlanta, which suffered a crippling attack on government systems. Five of the 13 major government departments were reduced to pen and paper, including law enforcement, which also lost a number of police records in the process. City council officials were resigned to sharing one clunky personal laptop between three people, Reuters reports. How did the attackers get access to so many systems? One researcher took to Twitter to highlight a glaring error.

When greeted with the splash page after a system has been infected, users are met with a lot of 'sorry' messages, presumably peppered in to elicit a feeling of trust that the ransomware's authors will actually honour the deal if paid, though paying isn't generally advised.

The cost of the ransom rose steeply as the years went by. At the start, the victim had two options: pay 0.8 bitcoin for each infected PC, or pay 4.5 bitcoin for the decryption keys to all infected systems' files. It later rose to 1.7 bitcoin per system or 12 bitcoin for all, 40,000 in today's money. It's remarkable how long the SamSam operation ran, continually exploiting vulnerabilities that weren't properly patched.

It's reported to have made the authors hundreds of thousands of dollars. The US Treasury has also identified, and is seeking the capture of, two further Iranian men who helped convert the bitcoin into Iranian currency, the rial, after monitoring bitcoin wallet addresses associated with the outfit.
