US Treasury Dept. Takes Action Against Two Iranians Allegedly Involved in BTC Ransomware

Published at: Nov. 28, 2018

The U.S. Treasury Department has sanctioned two Iranians allegedly involved in Bitcoin (BTC) ransomware scheme SamSam, the Treasury reported in an official press release today, Nov. 28.

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) took action on Wednesday against two Iranian individuals, Ali Khorashadizadeh and Mohammad Ghorbaniyan, who are accused of exchanging Bitcoin into Iranian rials (IRR).

This is also the first time that Bitcoin addresses have been publicly attributed to “designated individuals” on OFAC’s sanctions list.

According to the report, SamSam ransomware breaks into companies’ computer networks and lets the criminals take over administrator rights, after which they demand a ransom in Bitcoin in exchange for restoring users’ access to the network. The ransomware has reportedly damaged multiple companies, government agencies, universities, and hospitals, targeting more than 200 victims, the Treasury said.

OFAC has managed to identify two crypto addresses associated with the alleged Iran-based criminals, with 7,000 transactions in Bitcoin and around 6,000 BTC moved since 2013, the report states.

While Khorashadizadeh and Ghorbaniyan are allegedly responsible for exchanging the crypto and depositing rials into Iranian banks, the ransomware scheme also involved two other Iranians who acted as the hackers and had been infecting multiple data networks with SamSam in the U.S., the United Kingdom, and Canada since 2015.

In August, U.K.-based science and technology magazine Wired UK reported that SamSam creators were making around $300,000 per month, and “nobody [could] work out who they are.” According to research provided by cybersecurity firm Sophos, SamSam has amassed about $6 million since apparently being launched in 2015.

According to Wired UK, SamSam involved nothing “particularly sophisticated”: it used no automation and relied on “old-school hacking.” The ransomware was reportedly operated manually, unlike the massive WannaCry ransomware that shut down hundreds of U.K. hospitals and GP practices in 2017.
