ATLANTA (FOX 5 Atlanta) - A federal grand jury has just charged two Iranian men over a 34-month-long computer hacking and extortion cyberattack that targeted the City of Atlanta and other metro Atlanta governmental departments.
The indictment accuses 34-year-old Faramarz Shahi Savandi and 27-year-old Mohammad Mehdi Shah Mansouri, both acting from inside Iran, of creating malware known as “SamSam Ransomware” that was capable of "forcibly encrypting data on the computers of victims." The two men would access victims' computers through security vulnerabilities, install their program and then demand a ransom to decrypt the data, officials said.
“In March 2018, a devastating ransomware attack interrupted City of Atlanta government functions and disrupted our community,” said U.S. Attorney Byung J. “BJay” Pak. “In the days following the attack, local law enforcement officials worked tirelessly to respond to the incident and collect investigative information that was passed on to our counterparts leading the groundbreaking investigation into the SamSam ransomware attacks. This indictment, which is in coordination with the U.S. Attorney’s Office for the District of New Jersey and the Computer Crime and Intellectual Property Section of the U.S. Department of Justice, vindicates the City of Atlanta’s interest in ensuring that those responsible for the attacks face justice here as well.”
The cyberattack crippled several online services provided by the city of Atlanta, with investigators saying the ransom demanded was $51,000 to be paid in Bitcoin. Officials discovered the attack in March when they noticed unusual activity on their servers.
"This is much bigger than a ransomware attack," Mayor Keisha Lance Bottoms said at a press conference at the time. "This really is an attack on the government, which means it's an attack on all of us."
FBI investigators say that Atlanta was just one of the cities targeted by the two men. In all, officials estimate more than 200 victims, including Newark, New Jersey, the Port of San Diego, and multiple medical centers, were targeted.
In total, the indictment says that Savandi and Mansouri collected more than $6 million in ransom payments, with losses to victims of the hack exceeding $30 million.
“The criminal activity harmed state agencies, city governments, hospitals, and countless innocent victims,” Deputy Attorney General Rosenstein said.
“After gaining access to computers, they remotely installed their ransomware. The ransomware encrypted the computer data, crippling the ability of the victims to operate their businesses and provide critical services to their customers. The victims included two major municipalities, the city of Atlanta, Georgia and the city of Newark, New Jersey,” Rosenstein said.
In a statement, a spokesperson for the City of Atlanta said they were "grateful" that their federal partners "assisted with identifying the perpetrators and bringing them to justice."
“The Administration remains committed to ensuring the ongoing safety and security of the City’s cyber-infrastructure, as well as that of the people of Atlanta,” the spokesperson said.
The indictment charged the two men with one count of conspiracy to commit wire fraud, one count of conspiracy to commit fraud and related activity in connection with computers, two counts of intentional damage to a protected computer and two counts of transmitting a demand in relation to damaging a protected computer.