Dept of Justice, US Attorney’s Office for the District of New Jersey, Newark, NJ
United States District Court for the District of New Jersey (Newark, NJ)
USA v Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, 3:18-cr-00704-BRM
Cyberattack Criminal Action:
On November 28, 2018, Deputy Attorney General Rod Rosenstein, on behalf of the DOJ and the US Attorney’s Office for the DNJ, announced at the SamSam Ransomware Press Conference that they had filed in federal court (the USDC for the District of New Jersey) a Grand Jury Indictment (26 pages comprising six counts, plus asset forfeiture allegations) against the Defendants, alleging US criminal liability for the three-year SamSam Ransomware cyberattacks.
Assistant Attorney General Brian Benczkowski stated,
“Today we are announcing the first ever indictment against criminal actors for deploying a for-profit ransomware, hacking and extortion scheme.”
200+ SamSam Ransomware Victims:
In Count One, paragraph 1(g), of the Indictment the following victims were stated:
- Allscripts Healthcare Solutions, Inc., Chicago, Illinois
- The City of Atlanta
- The City of Newark
- The Colorado Department of Transportation, Denver, Colorado
- Hollywood Presbyterian Medical Center, Los Angeles, California
- Kansas Heart Hospital, Wichita, Kansas
- Laboratory Corporation of America Holdings (LabCorp), Burlington, North Carolina
- MedStar Health, Columbia, Maryland
- The Mercer County Business, Mercer County, New Jersey
- Nebraska Orthopedic Hospital, Omaha, Nebraska
- The Port of San Diego, San Diego, California
- The University of Calgary, Calgary, Alberta, Canada.
Count One continues in paragraph 3, alleging:
“The defendants hacked, encrypted, and extorted more than 200 Victims, and collected more than $6 million in ransom payments. The Victims incurred additional losses exceeding $30 million resulting from the loss of access to their data.”
Criminal Indictment Counts:
The Six Count Indictment from the Grand Jury states substantially as follows:
Count One: Conspiracy to Commit Fraud and Related Activity in Connection with Computers
Count One alleges that the defendants, Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, were computer hackers who resided in Iran and that, from on or about December 2015 to the present, using the Tor network, they engaged in an international computer hacking and extortion scheme: they hacked into computer networks, encrypted data on the victims’ computers using malicious software they created called ‘SamSam Ransomware’, and then extorted the victims for ransom payments in Bitcoin in exchange for the decryption keys to unlock the compromised computers, all in violation of 18 USC §371 [Conspiracy to Commit Offense or to Defraud the United States].
Count Two: Conspiracy to Commit Wire Fraud
Count Two alleges that the defendants knowingly and intentionally conspired to devise a scheme to defraud, and to cause to be transmitted by means of wire communications in interstate and foreign commerce data in furtherance of such scheme, contrary to 18 USC §1343 [Fraud by wire, radio, or television] and §1349 [Attempt and conspiracy].
Count Three (for Mercer County Business) and Count Four (for the City of Newark): Intentional Damage to a Protected Computer
Counts Three and Four allege that the defendants knowingly caused the transmission of computer code, and intentionally caused damage without authorization to a protected computer, all in violation of 18 USC Sections 1030(a)(5)(A), (c)(4)(B) and 2. See the Computer Fraud and Abuse Act (CFAA).
Count Five (for Mercer County Business) and Count Six (for the City of Newark): Transmitting a Demand in Relation to Damaging a Protected Computer
Counts Five and Six allege that the defendants knowingly with intent to extort from persons money and other things of value, transmitted in interstate and foreign commerce a communication containing a demand and request for money in relation to damage to a protected computer, where such damage was caused to facilitate the extortion, all in violation of 18 USC §§ 1030(a)(7)(C) and (c)(3)(A), and 2.
Plus a Criminal Forfeiture Allegation:
That upon conviction of any of the offenses, the defendant shall forfeit all proceeds derived from said offenses, and if any such proceeds have diminished in value, the property of the defendant shall be forfeited as the make-up value, citing 18 USC Section 981(a)(1)(C) et al.
Conclusion:
DAG Rosenstein concluded his remarks by stating:
“Every sector of our economy is a target of malicious cyber activity. But the events described in this Indictment highlight the urgent need for municipalities, public utilities, health care institutions, universities and other public organizations to enhance their cyber security.”
“By making clear that criminal actions have consequences, we deter schemes to victimize the United States government, businesses, and citizens, and we help to protect foreign allies. This case demonstrates the Department of Justice’s commitment to identifying and prosecuting cybercriminals, regardless of where they base their operations.”
Commentary by Attorney Timothy F. Mills, Editor / Action Cyber Times™ © 2018 All Rights Reserved.