US charges Iranian hackers for SamSam ransomware attacks
Authorities in the United States have charged two people in connection with a series of notorious ransomware attacks.
According to the Department of Justice, 34-year-old Faramarz Shahi Savandi and 27-year-old Mohammad Mehdi Shah Mansouri were the masterminds behind attacks against more than 200 networks since 2015.
Unlike normal ransomware attacks (which are often delivered by a widely spammed-out malicious email attachment), the SamSam attacks saw organizations manually hacked one-by-one via a variety of techniques including brute-forcing their way into exposed RDP connections on a vulnerable server and making use of stolen login credentials.
Once in, the hackers would harvest admin passwords and escalate their privileges with a view to gathering further intelligence on the network they had compromised, expanding their foothold and unleashing the SamSam ransomware to compromise and encrypt PCs.
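As an added example that is not part of the original post, here is a small Python detector for the RDP brute-force pattern described above: it counts Windows failed-logon events (event ID 4625 with logon type 10, RemoteInteractive) per source address inside a sliding window and records whether a successful logon (4624) from the same address followed. The log line format is a constructed, simplified one, not real event-log text.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a simplified "timestamp event_id logon_type source_ip user"
# form (not real Windows event text; the layout is an assumption for this illustration).
SAMPLE_LOG = """\
2018-11-28T02:00:01 4625 10 203.0.113.7 administrator
2018-11-28T02:00:02 4625 10 203.0.113.7 admin
2018-11-28T02:00:03 4625 10 203.0.113.7 backup
2018-11-28T02:00:04 4625 10 203.0.113.7 sqladmin
2018-11-28T02:00:05 4625 10 203.0.113.7 helpdesk
2018-11-28T02:00:06 4624 10 203.0.113.7 administrator
2018-11-28T02:10:00 4625 10 198.51.100.9 jsmith
2018-11-28T02:30:00 4624 10 198.51.100.9 jsmith
"""

LINE_RE = re.compile(r"^(\S+) (\d{4}) (\d+) (\S+) (\S+)$")

def parse(log_text):
    """Yield (timestamp, event_id, logon_type, source_ip, user) per well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, eid, ltype, ip, user = m.groups()
            yield datetime.fromisoformat(ts), int(eid), int(ltype), ip, user

def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Flag source IPs with >= threshold failed RDP logons (4625, logon type 10)
    inside a sliding window, and mark whether a success (4624) followed."""
    failures = defaultdict(deque)   # source_ip -> recent failure timestamps
    alerts = {}
    for ts, eid, ltype, ip, user in parse(log_text):
        if ltype != 10:             # only RemoteInteractive (RDP) logons matter here
            continue
        if eid == 4625:
            q = failures[ip]
            q.append(ts)
            while q and ts - q[0] > window:   # drop failures outside the window
                q.popleft()
            if len(q) >= threshold:
                alert = alerts.setdefault(ip, {"failures": 0, "success_after": False})
                alert["failures"] = max(alert["failures"], len(q))
        elif eid == 4624 and ip in alerts:
            # a successful logon after a burst of failures is the high-priority case
            alerts[ip]["success_after"] = True
            alerts[ip]["user"] = user
    return alerts
```

Running `detect_rdp_bruteforce(SAMPLE_LOG)` flags only 203.0.113.7, with five failures followed by a successful logon as `administrator`; the single failure from 198.51.100.9 stays below the threshold.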
Victims were directed to webpages under the control of the hackers that contained their ransomware demands along with a threatening countdown after which – it was said – decryption keys would be deleted and recovery of the victim’s data would be impossible.
The SamSam extortionists would demand as much as US $8000 worth of Bitcoin to recover the data from one infected computer or a US $55,000 lump sum to decrypt all affected PCs on a network.
And like any other successful business venture, the brains behind SamSam recognized the importance of properly supporting their “customers.” Towards that end, they provided a portal through which victims could leave questions if they were experiencing difficulties making a payment.
In all, the two men are alleged to have successfully extorted more than US $6,000,000 from their victims, who included hospitals, educational institutions, the city government of Atlanta, Colorado’s Department of Transportation and the Port of San Diego.
Over 200 victims are said to have suffered damages totaling over US
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/featured/iranian-hackers-samsam-ransomware/