Two Foreign Nationals Convicted of Multimillion-Dollar Scheme to Defraud Apple Inc. Out of 5,000 iPhones
Remarks as prepared for delivery
Thank you, Deputy Attorney General Rosenstein.
Today we are announcing the first-ever indictment against criminal actors for deploying a for-profit ransomware, hacking, and extortion scheme.
According to the indictment, Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, both operating in Iran, authored and deployed a sophisticated, malicious software called the SamSam Ransomware to hack into the networks and encrypt the computers of U.S. hospitals, schools, companies, government agencies, and other entities. Some of their victims included:
The defendants’ objective allegedly was to prevent these victims from accessing or using data on the compromised computers, forcing them to shut down or dramatically curtail their operations. According to the indictment, the defendants then extorted ransom payments from their victims by threatening otherwise to delete the decryption keys needed to unlock the compromised computers.
For example, on May 28, 2016, the defendants allegedly accessed the network of Kansas Heart Hospital and deployed the SamSam Ransomware to encrypt the hospital’s computers. They then extorted the hospital by demanding a ransom payment in Bitcoin in exchange for the decryption keys for the compromised data.
According to the indictment, the defendants conducted online searches concerning the hospital and accessed its website a few days before the attack. This was just one alleged example of the defendants’ efforts to select and target their victims.
The defendants did not just indiscriminately “cross their fingers” and hope their ransomware randomly compromised just any computer system. Rather, they deliberately engaged in an extreme form of 21st-century digital blackmail, attacking and extorting vulnerable victims like hospitals and schools, victims they knew would be willing and able to pay.
In total, the defendants allegedly hacked and extorted more than 200 victims, and collected more than $6 million in criminal proceeds. The victims also incurred additional losses exceeding $30 million because they were unable to access their data.
The indictment unsealed today in the District of New Jersey charges Savandi and Mansouri with:
As a result of the indictment, the defendants are now fugitives from justice. This case demonstrates the Department of Justice’s commitment to identifying and prosecuting cybercriminals, wherever they choose to base their operations. We will continue to work together with our law enforcement partners, here in the United States and around the world, along with victims, to gather evidence and build cases to ensure there are no safe havens for cybercriminals to operate.
Most importantly—as you will hear in more detail from my colleagues on the stage—we want to get the word out that every sector of our economy is a potential target of malicious cyber activity. The events described in this indictment highlight the need for businesses, healthcare institutions, universities, and other entities to emphasize cyber security, increase threat awareness, and harden their computer networks.
Before I turn it over to U.S. Attorney Craig Carpenito to discuss the charges in more detail, I’d also like to extend my gratitude to:
Craig, over to you. It’s great to be with you here today.