NEWARK, NJ - An unsealed federal indictment sheds new light on a hacking scheme local officials say extorted $30,000 from the city by infecting Newark's computers with ransomware.
Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, both of Iran, were indicted in connection with last year’s breach, the United States Attorney's Office announced yesterday. The alleged scheme affected 200 victims, including hospitals, other municipalities and public institutions, federal officials said.
"As a result of the Indictment, the defendants are now fugitives from justice. They face arrest and extradition to the United States in many nations that honor the rule of law," Deputy Attorney General Rod J. Rosenstein said.
The breach, which was first reported last year by TAPinto Newark, was investigated by the FBI's Newark Field Office.
The indictment alleges that Savandi, 34, and Mansouri, 27, created malware known as SamSam Ransomware, which forcibly encrypted data on computers. The two would allegedly extort victims by demanding ransom be paid in exchange for decryption keys.
Newark Mayor Ras Baraka said law enforcement officials recommended the city pay the bitcoin equivalent of $30,000 in ransom that the alleged hackers were asking for. The city ultimately paid that much as a result of the breach, which occurred last year around April.
“These attacks seriously compromised our networks and disrupted vital services that we provide to residents,” Baraka said in a statement. “The hackers asked for payment of the bitcoin equivalent of $30,000 in ransom and we paid that as recommended by law enforcement officials in order to prevent long-term disruption.”
The mayor said the city has “significantly strengthened” its cyberdefenses since the hack.
Savandi and Mansouri are accused of collecting over $6 million as a result of the alleged scheme and causing over $30 million in losses. Other targets of the hack included the City of Atlanta, Ga. and Hollywood Presbyterian Medical Center in Los Angeles, federal officials said.
“As the indictment in this case details, they started with a business in Mercer County and then moved on to major public entities, like the City of Newark,” said U.S. Attorney Craig Carpenito in a statement, “and healthcare providers, like the Hollywood Presbyterian Medical Center in Los Angeles and the Kansas Heart Hospital in Wichita – cravenly taking advantage of the fact that these victims depend on their computer networks to serve the public, the sick, and the injured without interruption.”
The six-count indictment also alleges that Savandi and Mansouri would launch their attacks outside of regular business hours, making it more difficult for any of the entities to address the attack.
The two men are accused of creating the ransomware in 2015. The most recent attack alleged in the indictment took place on Sept. 25 this year.