Nov 28, 2018 20:40 UTC
Jan 4, 2019 at 19:51 UTC
US Treasury Department Slaps Sanctions on Iranians Running BTC Ransomware Scheme
US Treasury Department officials have busted a Bitcoin ransomware scheme and imposed sanctions on two Iranian citizens allegedly connected to it. According to a press release issued on Wednesday, the ransomware programme was called SamSam, and the accused pair, Mohammad Ghorbaniyan and Ali Khorashadizadeh, were allegedly engaged in unlawfully converting Bitcoin into Iranian rial (IRR).
This press release marks the first instance of a cryptocurrency scam being added to the public list of "designated individuals" maintained by the Office of Foreign Assets Control (OFAC). The report indicates that SamSam had a specific modus operandi: it broke into enterprise computer systems and took over administrator rights. Once the attackers controlled the administrator account on a network, they demanded a ransom in Bitcoin to release the systems. Much like an abduction in which a computer system rather than a person is held captive, the SamSam scheme managed to break into several major companies, universities, government offices, hospitals and more.
According to the Treasury's report, over two hundred computer systems were hit by SamSam. The sanctioned individuals had reportedly moved 6000 transactions between 2013 and 2018, converting them to IRR over the course of around 7000 transactions. Besides Khorashadizadeh and Ghorbaniyan, the Treasury Department believes other hackers were involved in breaking into systems not only in the United States but also in the UK and Canada.
While the two men have been working in this field since 2013, SamSam itself appears to have been launched a little later, in 2015, and according to cybersecurity research firm Sophos it has extorted around 6 million USD since then.
According to Wired UK, the SamSam hackers were not particularly sophisticated in their break-in attempts. Instead, they succeeded with simple, old-school hacking techniques in a scheme that was operated mostly by hand. With regulatory authorities now cracking down on them, the scourge appears to have come to an end, further reducing the threat from ransomware.