Thursday, July 25, 2024
EHA

Two Iranian Men charges for Deploying SamSam Ransomware on Hospitals & Public Sectors that Caused $30 M in Losses

Two Iranian Men charges for Sophisticated SamSam Ransomware deployment on various public sectors, Hospitals, Municipalities that caused $30 million damages and huge amount of sensitive data lose.

Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27 who residing in Iran were involved the deployment of the SamSam ransomware for almost 34-months.

SamSam Ransomware is one of the most sphosticated Ransomware family that encrypting data on the computers of victims once they infected and lock down the computer and demand the ransom payment in order to provide access back to victims.

Savandi and Mansouri involved to infiltrate the victims computer using the system vulnerabilities and deploy the ransomware and encrypt the complete system files.

There are  more than 200 victims were affected by this ransomware attack included hospitals, municipalities, and public institutions, according to the indictment, including the City of Atlanta, Georgia; the City of Newark, New Jersey; the Port of San Diego, California; the Colorado Department of Transportation; the University of Calgary in Calgary, Alberta, Canada; and six health care-related entities etc.

Once they compromised the Victims then they demaind the ransom amount that needs to pay via bitcoin to exchange for decryption keys for the encrypted data and they exchange the bitcoins into Iranian rial using Iran-based Bitcoin exchangers.

Also they have collected over $6 million USD to date and the attack caused $30 million for the victims.

According to the indictment, the hackers infiltrated computer systems in 10 states and Canada and then demanded payment. The criminal activity harmed state agencies, city governments, hospitals, and countless innocent victims.”

“According to Department of Justice, Savandi and Mansouri are charged with one count of conspiracy to commit wire fraud, one count of conspiracy to commit fraud and related activity in connection with computers, two substantive counts of intentional damage to a protected computer and two substantive counts of transmitting a demand in relation to damaging a protected computer.”

Also the These two attackers using Tor to hide their identity duringy launching attacks outside regular business hours, when a victim would find it more difficult to mitigate the attack, and by encrypting backups of the victims’ computers. Officials said.

Victims are encouraged to contact their local FBI field office and file a complaint online with the Internet Crime Complaint Center (IC3).

Website

Latest articles

ShadowRoot Ransomware Attacking Organizations With Weaponized PDF Documents

A rudimentary ransomware targets Turkish businesses through phishing emails with ".ru" domain sender addresses....

BreachForumsV1 Database Leaked: Private messages, Emails & IP Exposed

BreachForumsV1, a notorious online platform for facilitating illegal activities, has reportedly suffered a massive...

250 Million Hamster Kombat Players Targeted Via Android And Windows Malware

Despite having simple gameplay, the new Telegram clicker game Hamster Kombat has become very...

Beware Of Malicious Python Packages That Steal Users Sensitive Data

Malicious Python packages uploaded by "dsfsdfds" to PyPI infiltrated user systems by exfiltrating sensitive...

Chinese Hackers Using Shared Framework To Create Multi-Platform Malware

Shared frameworks are often prone to hackers' abuses as they have been built into...

BlueStacks Emulator For Windows Flaw Exposes Millions Of Gamers To Attack

A significant vulnerability was discovered in BlueStacks, the world's fastest Android emulator and cloud...

Google Chrome 127 Released with a fix for 24 Security Vulnerabilities

Google has unveiled the latest version of its Chrome browser, Chrome 127, which is...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles