US identifies and charges SamSam ransomware authors

The US government has charged the people behind a wave of attacks spanning three years, but getting them in handcuffs won't be easy


The US has identified and charged two Iranian men it believes to be behind the SamSam ransomware attack that has run riot since 2015. The only issue is that US authorities don't have the jurisdiction to reprimand them at this time.

Believed currently to be in Tehran, the two men are out of US jurisdiction but the country's law enforcement is seeking alternative methods for their capture.

"Although the alleged criminal actors are in Iran and currently out of the reach of US law enforcement," the FBI said, the BBC reported, "they can be apprehended if they travel, and the United States is exploring other avenues of recourse."

"The allegations in the indictment unsealed today - the first of its kind - outline an Iran-based international computer hacking and extortion scheme that engaged in a 21st-Century digital blackmail," said US assistant attorney general Brian Benczkowski.

The ransomware attack is one of the most prevalent of its type in recent years, making headlines by holding high-profile targets to ransom. American cities such as Atlanta, Indiana and New Mexico have been hit particularly hard; a hospital in Indiana was reduced to working with pen and paper earlier this year after its systems were hit by the attack. In 2016, a hospital in Hollywood was also forced to turn patients away, and it ultimately complied with the ransom demands and paid $17,000 in bitcoin.

It was misery in March 2018 for Atlanta, which suffered a crippling attack on government systems. Five of the 13 major government departments were reduced to pen and paper, including law enforcement, which also lost a number of police records in the process. City council officials were resigned to sharing one clunky personal laptop between three, Reuters reports. How did the attackers get access to so many systems? One researcher took to Twitter to highlight a glaring error.

When greeted with the splash page after a system has been infected, users are met with a lot of 'sorry' messages, presumably peppered throughout to elicit a feeling of honesty and to suggest that the authors of the ransomware will actually hold up their end if the victim pays up, which isn't generally advised.

The cost of the ransom increased exponentially as the years went by. At the start, the victim had two options: pay 0.8 bitcoin for each infected PC, or pay 4.5 bitcoin to get the decryption keys to all infected systems' files. It later rose to 1.7 bitcoin for each system or 12 bitcoin for all, 40,000 in today's money. It's difficult to believe how long the SamSam project ran on, continually finding vulnerabilities that weren't properly patched.

It's reported to have made the authors hundreds of thousands of dollars. After monitoring bitcoin wallet addresses associated with the outfit, the US Treasury has also identified, and is seeking the capture of, two Iranian men who helped convert the bitcoin into Iranian currency, the rial.
