The US is attempting to hold the creators of the infamous SamSam ransomware to account. A federal grand jury has revealed indictments against two Iranian men, Mohammad Mansouri and Faramarz Savandi, for allegedly authoring and wielding SamSam to extort money from a wide range of North American targets, including multiple hospitals, health care companies, state agencies and the city of Atlanta. They’ve successfully collected $6 million in ransoms so far, according to the Justice Department, and have created over $30 million in losses.
The two face charges of fraud, wire fraud, intentional damage to a protected computer and transmitting a demand in relation to damaging a protected computer.
Mansouri and Savandi reportedly finished the first version of SamSam in December 2015, updating it twice in 2017. They took care when launching their attacks, according to officials — they apparently researched targets, masked their activity as legitimate network traffic (including the use of Tor) and made sure to compromise victims outside of typical business hours. They would demand bitcoin as payment and used Iranian exchanges to convert it to conventional currency.
The issue: as with earlier indictments of Russian hackers, the charges may be more symbolic than practical. Both Mansouri and Savandi live in Iran, which doesn’t have an extradition treaty with the US and isn’t likely to provide either suspect voluntarily. This will limit where they can travel and calls them out by name, but it won’t stop them from launching further attacks or profiting from their campaign.