SamSam developers charged for the attack that paralyzed Atlanta

Developers of the notorious SamSam ransomware arrested after three years of cyber attacks

Two Iranians were charged for ransomware attacks in Atlanta.

The developers behind the international hacking scheme have finally been arrested following the ransomware attack that hit Atlanta and kept the city paralysed for weeks. Officials have identified two Iranian men, Faramarz Shani Savandi and Mohammad Mehdi Shah, who were found to be involved in organizing SamSam ransomware attacks all over the world.

On November 28th, the Department of Justice released a report identifying two Iran-based men who were indicted for their involvement in a computer hacking and extortion scheme that caused over $30 million in losses. The official report, in which U.S. deputy attorney general Rod Rosenstein provides previously undisclosed information, states:

The Iranian defendants allegedly used hacking and malware to cause more than $30 million in losses to more than 200 victims. According to the indictment, the hackers infiltrated computer systems in 10 states and Canada and then demanded payment. The criminal activity harmed state agencies, city governments, hospitals, and countless innocent victims.

Devastating attacks of SamSam ransomware

SamSam ransomware began its attacks back in 2015, and since then this threat has gained quite a reputation for its choice of targets, such as hospitals and large organisations. Like typical ransomware, SamSam encrypts files across the targeted network and demands a ransom in exchange for decryption.

These expensive attacks have caused far greater losses than attacks on individual everyday users, because the ransom demanded from companies ranges from thousands to tens of thousands of dollars in Bitcoin or other cryptocurrencies. According to various reports, two Bitcoin accounts linked to this particular malware processed over 7 000 transactions.

The developers of SamSam ransomware made hundreds of thousands of dollars, or even millions, a year from ransom payments alone. As the targets chosen by these hackers grew bigger and bigger, institutions, hospitals, health record firms, and even governments and universities had their networks affected by this crypto malware, which exploited vulnerabilities to spread across them.

The ransom amount for Atlanta — $50 000

This cryptovirus had a vast number of victims, but the City of Atlanta was shut down for weeks due to the attack on multiple servers. Networks affected by this virus included the courts, other city services, online bill payment, and the systems used by city workers. To decrypt the files on these systems, the SamSam developers demanded a $50 000 ransom. Atlanta spent up to $2.7 million on computer security recovery.

According to the Justice Department, other major targets of this virus include:

  • the City of Newark, New Jersey;
  • the Port of San Diego, California;
  • the Colorado Department of Transportation;
  • the University of Calgary in Calgary, Alberta, Canada;
  • Hollywood Presbyterian Medical Center in Los Angeles, California;
  • Kansas Heart Hospital in Wichita, Kansas;
  • LabCorp, headquartered in Burlington, North Carolina;
  • MedStar Health, headquartered in Columbia, Maryland;
  • Allscripts Healthcare Solutions Inc., headquartered in Chicago, Illinois.

Over the past few years, ransomware developers have chosen to target big companies, service providers, and even government institutions, because a single target of this size yields more profit from one paid ransom than many individual victims would. This shift began when crypto mining malware rose to the top of the list of the most dangerous cyber threats. However, ransomware and cryptojacking malware still run neck and neck.

About the author
Olivia Morelli