A trio of Iranian nationals hacked into the computer systems of hundreds of victims in the United States and around the world, shaking down utility companies, local governments and even a shelter for victims of domestic violence, federal prosecutors said Wednesday.
Beginning Oct. 2020, Mansour Ahmadi, Ahmad Khatibi Aghda and Amir Hossein Nickaein Ravari have “engaged in a scheme to gain unauthorized access to the computer systems of hundreds of victims in the United States, the United Kingdom, Israel, Iran, Russia and elsewhere, causing damage and loss,” the Justice Department alleged in an indictment filed in New Jersey federal court.
The three preyed upon organizations in the critical infrastructure sector, including healthcare centers, transportation services and utility providers, as well as “small businesses, government agencies, non-profit programs, and educational and religious institutions,” said the indictment unsealed on Wednesday.
Using commercially available encryption software known as “Bitlocker,” they locked up the computer systems of some victims with ransomware and demanded money to unlock them, prosecutors said.
Victims listed in the indictment include a township municipality in Union County, New Jersey; accounting firms in Illinois and New Jersey; power companies based in Mississippi and Indiana; a housing authority in Washington state; a county government in Wyoming; and a domestic violence shelter in Pennsylvania.
The shelter wound up paying a $13,000 ransom to recover its data, the indictment said. It does not specify how many other victims paid.
Investigators said they don’t believe the three were working with the Iranian government. FBI Director Christopher Wray has said that the three also targeted companies and entities in Iran, “demonstrating that few targets were off limits.”
The State Department is offering up to $10 million for information on the three men, whom authorities believe are currently residing in Iran.
In a video statement, Wray also announced that a joint cybersecurity advisory will be released by law enforcement agencies in the U.S. and abroad, including Canada and Australia, to reduce the impact of future cyber threats linked to the Iranian government’s Islamic Revolutionary Guard Corps. The IRGC has been known to launch such attacks worldwide including on critical infrastructure.
“These steps will also show those responsible for these unconscionable attacks that if you try to hold our critical infrastructure for ransom, if you try to disrupt the way Americans live their daily lives, you’re going to be facing the full force of the U.S. government and its allies, and we will do everything in our power to bring you to justice,” Wray said.
He also said that U.S. have developed further actions “designed and sequenced in conjunction with this indictment to make a big dent in the threat.”
Source: | This article originally belongs to Nbcnews.com
