Two Iranian men have been indicted on federal charges for allegedly committing the devastating cyber attack on city of Atlanta computers in March, as well as similar “ransomware” crimes around the U.S. and Canada.
The defendants – Mohammad Mehdi Shah Mansouri, 27, and Faramarz Shahi Savandi, 34 – allegedly received more than $6 million in ransoms by remotely disabling computer systems with software called “SamSam Ransomware.” The ransomware encrypted files on the computers, then demanded a ransom in the digital currency bitcoin to unencrypt them, according to the U.S. Department of Justice, which called the crimes “21st century digital blackmail.” Both men live in Tehran, Iran, and are now wanted by the FBI on federal warrants, authorities announced Nov. 28.
The March 22 ransomware attack on city of Atlanta computer systems caused chaos in several departments. Systems for paying water bills and handling city court cases were shut down. The Atlanta Police Department has said it permanently lost archived dashcam videos. The computer files of various city officials and employees were rendered useless as well, with Buckhead City Councilmembers J.P. Matzigkeit and Howard Shook among those affected. Some Sandy Springs citizens were affected by the billing issues, as Atlanta operates that city’s water system.
The city of Atlanta has said it did not pay a ransom after the attack. It remains unclear how the hackers accessed city systems. The Department of Justice’s announcement of the indictments speaks broadly of the defendants allegedly exploiting “security vulnerabilities.” City Council President Felicia Moore was among the officials who later said the administration of Mayor Keisha Lance Bottoms was not providing enough information about the cyber attack’s effects.
The Mayor’s Office issued a statement on Nov. 28 praising the indictments.
“We are grateful for all our federal partners who have assisted with identifying the perpetrators and bringing them to justice,” the city’s statement reads in part. “The administration remains committed to ensuring the ongoing safety and security of the city’s cyber-infrastructure, as well as that of the people of Atlanta.”
The crimes amounted to “21st century digital blackmail,” said U.S. Assistant Attorney General Brian A. Benczkowski in a press release.
Amy S. Hess, the FBI’s executive assistant director, said in a press release that the crimes “represent a continuing trend of cyber criminal activity emanating from Iran, [and] were particularly threatening, as they targeted public safety institutions, including U.S. hospital systems and governmental entities.”
Mansouri and Savandi allegedly created the ransomware in 2015 and continued using it to extort victims as recently as Sept. 25, the Department of Justice says. They were indicted by a federal grand jury on charges involving fraud, conspiracy, damaging a computer and demanding a ransom.
The Department of Justice says the ransomware affected more than 200 victims. Others named by the department included: the city of Newark, N.J.; the Port of San Diego, Calif.; the Colorado Department of Transportation; the University of Calgary in Canada; and hospitals and other healthcare institutions in California, Kansas, Illinois, Maryland, Nebraska and North Carolina.
Correction: A previous version of this story contained outdated information about the city of Atlanta’s statement on any ransom payment.