Justice News

Deputy Attorney General Rod J. Rosenstein Delivers Remarks at the “SamSam” Ransomware Press Conference
Washington, DC
United States
Wednesday, November 28, 2018

Remarks as prepared for delivery

Good morning. I am joined by Criminal Division Assistant Attorney General Brian Benczkowski, New Jersey U.S. Attorney Craig Carpenito, and FBI Executive Assistant Director Amy Hess.

Also on stage are the two prosecutors handling this matter: Assistant U.S. Attorney Justin Herring, and Computer Crimes and Intellectual Property Section Senior Counsel William Hall Jr.

A federal grand jury in New Jersey indicted two Iranian citizens for a three-year scheme that involved hacking into computers of hospitals, municipalities, public institutions, and businesses. It involved a high-tech, sophisticated extortion plot.

The defendants allegedly hijacked victims’ computer systems and shut them down until the victims paid a “ransom.”

The conspirators collected more than $6 million in extortion payments and caused more than $30 million in losses.

Many of the victims were public agencies with missions that involve saving lives and performing other critical functions for the American people. 

The indictment was returned on November 26, and unsealed today in Newark, New Jersey. It alleges that Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri used sophisticated software to execute their computer hacking and extortion scheme.

Acting from inside Iran, the men developed and deployed a form of ransomware that they named “SamSam.”  Ransomware is a destructive computer code that encrypts victims’ computers and then holds the computers “hostage” until a “ransom” fee is paid.

Starting in January 2016, the defendants gained access to victims’ computers by exploiting cyber security weaknesses.  After gaining access to the computers, they remotely installed ransomware.  The ransomware encrypted computer data, crippling the ability of the victims to operate their businesses and provide critical services to the public. 

The victims included two major municipalities – the City of Atlanta, Georgia and the City of Newark, New Jersey.  The defendants also sought to interrupt critical transportation infrastructure by infiltrating the Port of San Diego, California, and the Colorado Department of Transportation. 

In addition, the defendants infected the computers of six health-care related entities from across the country, impairing the ability of these businesses to provide health care to sick and injured people. 

The defendants chose to focus their scheme on public entities, hospitals, and municipalities.  They knew that shutting down those computer systems could cause significant harm to innocent victims.

The indictment alleges that the defendants demanded payment from their victims in the form of the virtual currency known as Bitcoin.  Bitcoin contributes to the increasing sophistication of criminal schemes.  It is a common currency for criminal schemes, including websites that distribute child pornography and deadly opioid drugs, and ransomware and other tools of extortion.

The defendants allegedly communicated with victims using Tor, an encrypted computer network designed to facilitate anonymous communication over the Internet. 

We support the use of encryption to safeguard private information and strengthen cybersecurity.  But this case highlights another example of the challenges posed to law enforcement by encryption designed to resist law enforcement. 

Sophisticated encryption technologies like the Tor network are used by cybercriminals to commit serious offenses.  These sophisticated technologies pose a real threat to the government’s ability to keep people safe and ensure that criminals and terrorists are caught and brought to justice.

Every sector of our economy is a target of malicious cyber activity.  But the events described in this Indictment highlight the urgent need for municipalities, public utilities, health care institutions, universities and other public organizations to enhance their cyber security. 

Publicly revealing this nefarious hacking scheme makes it harder for the perpetrators, and others like them, to do business in the future.  As a result of the Indictment, the defendants are now fugitives from justice.  They face arrest and extradition to the United States in many nations that honor the rule of law. 

We call on all civilized nations to prevent their citizens from using the internet to perpetrate fraud schemes in foreign countries.

By making clear that criminal actions have consequences, we deter schemes to victimize the United States government, businesses, and citizens, and we help to protect foreign allies.

This case demonstrates the Department of Justice’s commitment to identifying and prosecuting cybercriminals, regardless of where they base their operations. 

We are grateful for outstanding work and collaboration between American and international law enforcement partners in this investigation.  In particular, I want to thank two United Kingdom agencies – the National Crime Agency, and the West Yorkshire Police – and two Canadian agencies, the Calgary Police Service, and the Royal Canadian Mounted Police. 

Our National Security Division and our Criminal Division’s Office of International Affairs also provided critical support.

Next, I want to invite Assistant Attorney General Brian Benczkowski to provide some remarks. 

Updated November 28, 2018