The U.S. Department of Justice indicted two Iranian citizens Wednesday in connection with a 2016 cyberattack on Maryland’s MedStar Hospital, as well as attacks on municipalities.
The indictment alleges Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri worked from inside Iran to carry out ransomware attacks, in which they would shut down computer systems and demand Bitcoin payments in exchange. The two were not arrested, but are now wanted by the FBI.
Two Iranian Men Indicted for Deploying Ransomware to Extort Hospitals, Municipalities, and Public Institutions, Causing Over $30 Million in Losses https://t.co/CrwUPSKXdd
— Justice Department (@TheJusticeDept) November 28, 2018
The malware used was known as the SamSam ransomware. Attackers gained remote access to a system and installed it. The March 2016 attack against Columbia-based MedStar Health, which runs Baltimore’s Union Memorial Hospital and nine other hospitals in the region, encrypted data at the hospital, freezing up access to electronic health records. The health system continued to provide care, but was forced to use paper records in some cases.
“The defendants chose to focus their scheme on public entities, hospitals, and municipalities,” said U.S. Deputy Attorney General Rod Rosenstein, who previously served as U.S. Attorney of Maryland. “They knew that shutting down those computer systems could cause significant harm to innocent victims.”
In all, they attacked 200 victims, including the high-profile attack on the City of Atlanta, additional hospitals and the Port of San Diego. They collected a total of $6 million in extortion payments, and caused $30 million in losses, according to the DOJ. The U.S. Department of the Treasury also sanctioned people in Iran who exchanged Bitcoin payments for the alleged attackers.
The indictment marked the first in a ransomware case, according to the feds.
“The events described in this indictment highlight the need for businesses, healthcare institutions, universities, and other entities to emphasize cyber security, increase threat awareness, and harden their computer networks,” said Assistant Attorney General Brian A. Benczkowski.