Skip to main content

Assistant Attorney General Brian A. Benczkowski Delivers Remarks at the “SamSam” Ransomware Press Conference


Washington, DC
United States

Washington, D.C.

Remarks as prepared for delivery

Thank you, Deputy Attorney General Rosenstein. 

Today we are announcing the first-ever indictment against criminal actors for deploying a for-profit ransomware, hacking, and extortion scheme. 

According to the indictment, Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, both operating in Iran, authored and deployed a sophisticated, malicious software called the SamSam Ransomware to hack into the networks and encrypt the computers of U.S. hospitals, schools, companies, government agencies, and other entities.  Some of their victims included:

  • the City of Newark, New Jersey;
  • the Colorado Department of Transportation;
  • Nebraska Orthopedic Hospital;
  • the City of Atlanta;
  • LabCorp of America;
  • MedStar Health; and
  • the Port of San Diego.

The defendants’ objective allegedly was to prevent these victims from accessing or using data on the compromised computers, forcing them to shut down or dramatically curtail their operations.  According to the indictment, the defendants then extorted ransom payments from their victims by threatening otherwise to delete the decryption keys needed to unlock the compromised computers. 

For example, on May 28, 2016, the defendants allegedly accessed the network of Kansas Heart Hospital and deployed the SamSam Ransomware to encrypt the hospital’s computers. They then extorted the hospital by demanding a ransom payment in Bitcoin in exchange for the decryption keys for the compromised data. 

According to the indictment, the defendants conducted online searches concerning the hospital and accessed its website a few days before the attack.  This was just one alleged example of the defendants’ efforts to select and target their victims. 

The defendants did not just indiscriminately “cross their fingers” and hope their ransomware randomly compromised just any computer system.  Rather, they deliberately engaged in an extreme form of 21st-century digital blackmail, attacking and extorting vulnerable victims like hospitals and schools, victims they knew would be willing and able to pay. 

In total, the defendants allegedly hacked and extorted more than 200 victims, and collected more than $6 million in criminal proceeds.  The victims also incurred additional losses exceeding $30 million because they were unable to access their data.

The indictment unsealed today in the District of New Jersey charges Savandi and Mansouri with:

  • conspiracy to commit fraud and related activity in connection with computers;
  • conspiracy to commit wire fraud;
  • intentional damage to a protected computer; and
  • transmitting a demand in relation to damaging a protected computer.

As a result of the indictment, the defendants are now fugitives from justice.  This case demonstrates the Department of Justice’s commitment to identifying and prosecuting cybercriminals, wherever they choose to base their operations.  We will continue to work together with our law enforcement partners, here in the United States and around the world, along with victims, to gather evidence and build cases to ensure there are no safe havens for cybercriminals to operate.

Most importantly—as you will hear in more detail from my colleagues on the stage—we want to get the word out that every sector of our economy is a potential target of malicious cyber activity.  The events described in this indictment highlight the need for businesses, healthcare institutions, universities, and other entities to emphasize cyber security, increase threat awareness, and harden their computer networks.

Before I turn it over to U.S. Attorney Craig Carpenito to discuss the charges in more detail, I’d also like to extend my gratitude to:

  • the prosecutors in his office, and here in the Criminal Division’s Computer Crime and Intellectual Property Section, particularly Justin Herring and Bill Hall;
  • the team of FBI investigators;
  • the National Crime Agency (UK);
  • the West Yorkshire Police (UK);
  • the Calgary Police Service (Canada); and
  • the Royal Canadian Mounted Police, who together are responsible for helping us to build this important case.

Craig, over to you.  It’s great to be with you here today.

Updated November 28, 2018