Iranians indicted in Atlanta city government ransomware attack

The US Attorney's Office for the District of Northern Georgia recently announced that a federal grand jury had returned indictments against two Iranian nationals charged with executing the March 2018 ransomware attack that paralyzed Atlanta city government services for over a week. Faramarz Shahi Savandi and Mohammed Mehdi Shah Mansouri are accused of using the Samsam ransomware to encrypt files on 3,789 City of Atlanta computers, including servers and workstations, in an attempt to extort Bitcoin from Atlanta officials.

Details leaked by City of Atlanta employees during the ransomware attack, including screenshots of the demand message posted on city computers, indicated that Samsam-based malware was used. A Samsam variant was used in a number of ransomware attacks on hospitals in 2016, with attackers using vulnerable Java Web services to gain entry in several cases. In more recent attacks, including those on the health industry companies Hancock Health and Allscripts, other methods were used to gain access, including Remote Desktop Protocol hacks that gave the attackers direct access to Windows systems on the victims' networks.

The Atlanta attack was not a targeted state-sponsored attack. The attackers most likely chose Atlanta based on a vulnerability scan. According to the indictment, the attackers offered the city the option of paying six Bitcoin (currently the equivalent of $22,500) to get keys to unlock all the affected systems or 0.8 Bitcoin (about $3,000) for individual systems. "The ransom note directed the City of Atlanta to a particular Bitcoin address to pay the ransom and provided a web domain that was only accessible using a Tor browser," a Department of Justice spokesperson said in a statement. "The note suggested that the City of Atlanta could obtain the decryption key from that web page." But within days of the attack, the Tor page became unreachable, and the City of Atlanta did not pay the ransom.

Savandi, 27, of Shiraz, Iran, and Mansouri, 34, of Qom, Iran, were charged under the Computer Fraud and Abuse Act (CFAA) for "intentional damage to protected computers… that led to losses exceeding $5,000, affected more than 10 protected computers, and that threatened the public health and safety," the Justice Department spokesperson said. They are also charged in a separate indictment in the US District Court for the District of New Jersey in connection with another ransomware attack, in which a ransom was apparently paid.

