National News

Iranians indicted in cyberattacks across U.S.

Posted November 28, 2018 4:17 p.m. EST

ATLANTA -- Two Iranian citizens have been indicted for a series of cyberattacks across America, including the March assault of the city of Atlanta's computer systems, according to an FBI announcement Wednesday morning.

The cyberattack on Atlanta caused myriad issues with the city's computer systems and could end up costing $17 million to taxpayers, according to one report. Deputy U.S. Attorney General Rod Rosenstein said the indictment also accuses the same defendants of a similar attack on the city of Newark, New Jersey, and some 200 other victims, including hospitals and health care agencies.

The defendants, Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, allegedly collected some $6 million from various victims. Officials declined to say if Atlanta paid a ransom.

The defendants, who may still be in Iran, are not in custody.

The FBI said the attacks were part of an increase of such activity from Iran, but officials made no allegation that the government of the country was involved.

The defendants used so-called ransomware to shut down computer systems and then demand payments to restore the systems, according to the federal indictment, which was filed in Newark.

"According to the indictment, the hackers infiltrated computer systems in 10 states and Canada and then demanded payment," Rosenstein said. "The criminal activity harmed state agencies, city governments, hospitals, and countless innocent victims."

In June, Atlanta announced it had largely recovered from the March attack, but the Atlanta Police Department said it had lost "years" of dashcam video.

The six-count indictment accuses the defendants of a 34-months-long hacking and extortion scheme using malware called "SamSam Ransomware." It was capable of forcibly encrypting data on the computers of victims, locking out the victims.

The men are accused of seeking out victims who would be most vulnerable and stand to lose the most by being attacked.

Among the more than 200 victims FBI named were hospitals, municipalities, and public institutions.

In addition to Atlanta and Newark, other victims were: the Port of San Diego, California; the Colorado Department of Transportation; the University of Calgary in Calgary, Alberta, Canada; and six health care-related entities: Hollywood Presbyterian Medical Center in Los Angeles, California; Kansas Heart Hospital in Wichita, Kansas; Laboratory Corporation of America Holdings, more commonly known as LabCorp, headquartered in Burlington, North Carolina; MedStar Health, headquartered in Columbia, Maryland; Nebraska Orthopedic Hospital now known as OrthoNebraska Hospital, in Omaha, Nebraska; and Allscripts Healthcare Solutions Inc., headquartered in Chicago, Illinois.

Story Filed By Cox Newspapers

For Use By Clients of the New York Times News Service