Mayor holds a press conference regarding the security breach. City of Atlanta, GA Ma

How Does SamSam Ransomware Work?

Earlier, the SamSam group used JexBoss (an open-source JBoss exploitation tool). Now they use a wide range of applications to investigate the victim’s network.

According to the research, the SamSam group is using any or all of the following tools:

- Mimikatz – A tool to extract passwords and PINs.
- PsExec – Launches interactive command prompts on remote systems.
- RDPWrap – Allows console and remote RDP sessions.
- PsInfo – Helps gather information about local or remote systems.
- NLBrute – An exploit tool for public-facing RDP instances.
- PowerSploit – A collection of PowerShell scripts.

The attackers are increasing the ransom demand with every attack. Total ransoms paid are around $6 million in Bitcoin. And these are only those that were reported to the officials.

A federal grand jury returned an indictment unsealed today in Newark, New Jersey charging Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, both of Iran, in a 34-month-long international computer hacking and extortion scheme involving the deployment of sophisticated ransomware, announced Deputy Attorney General Rod J. Rosenstein, Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division, U.S. Attorney Craig Carpenito for the District of New Jersey and Executive Assistant Director Amy S.

The six-count indictment alleges that Savandi and Mansouri, acting from inside Iran, authored malware, known as “SamSam Ransomware,” capable of forcibly encrypting data on the computers of victims. According to the indictment, beginning in December 2015, Savandi and Mansouri would then allegedly access the computers of victim entities without authorization through security vulnerabilities, and install and execute the SamSam Ransomware on the computers, resulting in the encryption of data on the victims’ computers.

According to the indictment, Savandi and Mansouri would then extort victim entities by demanding a ransom paid in the virtual currency Bitcoin in exchange for decryption keys for the encrypted data, collecting ransom payments from victim entities that paid the ransom, and exchanging the Bitcoin proceeds into Iranian rial using Iran-based Bitcoin exchangers.

The indictment alleges that, as a result of their conduct, Savandi and Mansouri have collected over $6 million USD in ransom payments to date, and caused over $30 million USD in losses to victims. These more than 200 victims included hospitals, municipalities, and public institutions, according to the indictment, including the City of Atlanta, Georgia; the City of Newark, New Jersey; the Port of San Diego, California; the Colorado Department of Transportation; the University of Calgary in Calgary, Alberta, Canada; and six health care-related entities: Hollywood Presbyterian Medical Center in Los Angeles, California; Kansas Heart Hospital in Wichita, Kansas; Laboratory Corporation of America Holdings, more commonly known as LabCorp, headquartered in Burlington, North Carolina; MedStar Health, headquartered in Columbia, Maryland; Nebraska Orthopedic Hospital now known as OrthoNebraska Hospital, in Omaha, Nebraska; and Allscripts Healthcare Solutions Inc., headquartered in Chicago, Illinois.