Iranian hackers found guilty of launching SamSam ransomware attack

The Department of Justice named the criminals who were found guilty of spreading SamSam ransomware

Two Iranians were found guilty of spreading SamSam ransomware and affecting organizations worldwide.

The United States Department of Justice announced that two Iranian hackers were found guilty of launching the SamSam ransomware attack. Authorities have revealed the names of the cybercriminals – Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah, 27.[1] These two young men have already been charged with making several hacking attempts against numerous computer users, the health sector and companies in the past years.

Faramarz Shahi Savandi and Mohammad Mehdi Shah have truly succeeded in their illegitimate work – they have extorted around 6 million dollars from their victims by spreading the SamSam virus. On top of that, hundreds of victims have had to deal with even more serious consequences, which resulted in the loss of 30 million dollars.[2]

Sadly, the hackers are not under arrest at the moment because of their origin. However, the United States has added them to its list of most-wanted hackers who need to be caught soon. Hopefully the FBI's operation succeeds and the hackers get what they deserve for committing their crimes. Even if the operation fails to bring the expected results quickly, the criminals will still be unable to leave their country of residence.

SamSam – a more modern ransomware virus

SamSam ransomware was created and first released about two years ago – in December 2015.[3] It spread all over the world and kept reappearing in new versions until 2017.

As you might know, ransomware viruses are designed to infiltrate a computer system unnoticed and encrypt valuable files. Even though SamSam does the same thing, this notorious virus has more sophisticated features and its operating principle differs from others of its kind.

First, according to cybersecurity researchers, this ransomware virus relies on a different distribution method. It is known that the cybercriminals have been picking their targets and then manually launching the infection directly on the targeted computer system. Infected computer systems have mostly been reached by stealing sensitive information straight from victims, or by carrying out a brute-force attack.

Once installed, SamSam ransomware performs the encryption process, locking a large amount of data. Cybercrooks use encryption algorithms, such as RSA-2048, to lock all files stored on the infected PC. After that, a ransom message shows up and urges the victim to pay a large amount of money for the decryption key. Typically, businesses are required to pay $50,000 or more! This price can be considered enormous, as other criminals tend to demand lower ransoms.

One source examined SamSam ransomware by taking a closer look at the virus's encryption process, which seems to affect more than just stored files:

Defendants authored various versions of the SamSam Ransomware, which was designed to encrypt data on Victim computers. SamSam Ransomware was designed to maximize the damage caused to the Victim by, for instance, also encrypting backups of the targeted computers.

SamSam gathered the largest payout from victims

The largest organizations that felt the effects of SamSam ransomware are the Atlanta city government,[4] the Colorado Department of Transportation, and Mississippi Valley State University:

According to the indictment, [affected victims include] the City of Atlanta, the City of Newark, the Port of San Diego, the Colorado Department of Transportation, the University of Calgary, Hollywood Presbyterian Medical Centers, Kansas Heart Hospital, MedStar Health, Nebraska Orthopedic Hospital, and Allscripts Healthcare Solutions Inc.

It is known that SamSam ransomware proved to be a lucrative business and overtook the infamous WannaCry virus,[5] which has spread worldwide and is still considered active. Interesting fact: one victim of SamSam ransomware even agreed to pay around 64,000 dollars as the ransom in exchange for his or her files.

About the author
Olivia Morelli
Olivia Morelli - Ransomware analyst

Olivia Morelli is News Editor at She covers topics such as computer protection, latest malware trends, software vulnerabilities, data breaches, and more.