Two Iranian nationals were indicted on Wednesday after a federal grand jury found they deployed ransomware against U.S. hospitals and other critical infrastructure.
Thirty-four year-old Faramarz Shahi Savandi and 27-year-old Mohammad Mehdi Shah Mansouri stand accused of authoring crippling malware and deploying it onto U.S. computers from Iran. After it was installed in hundreds of locations, the duo demanded ransom payments.
Here are the places affected according to the Department of Justice:
These more than 200 victims included hospitals, municipalities, and public institutions, according to the indictment, including the City of Atlanta, Georgia; the City of Newark, New Jersey; the Port of San Diego, California; the Colorado Department of Transportation; the University of Calgary in Calgary, Alberta, Canada; and six health care-related entities: Hollywood Presbyterian Medical Center in Los Angeles, California; Kansas Heart Hospital in Wichita, Kansas; Laboratory Corporation of America Holdings, more commonly known as LabCorp, headquartered in Burlington, North Carolina; MedStar Health, headquartered in Columbia, Maryland; Nebraska Orthopedic Hospital now known as OrthoNebraska Hospital, in Omaha, Nebraska and Allscripts Healthcare Solutions Inc., headquartered in Chicago, Illinois.
“The Iranian defendants allegedly used hacking and malware to cause more than $30 million in losses to more than 200 victims,” Deputy Attorney General Rosenstein released in a statement. “According to the indictment, the hackers infiltrated computer systems in 10 states and Canada and then demanded payment. The criminal activity harmed state agencies, city governments, hospitals, and countless innocent victims.”
Agents from the FBI tracked Savandi and Mansouri's actions and were able to gather enough evidence for prosecution.
"This indictment demonstrates the FBI’s continuous commitment to unmasking malicious actors behind the world’s most egregious cyberattacks,” FBI Executive Assistant Director Amy Hess said. “By calling out those who threaten American systems, we expose criminals who hide behind their computer and launch attacks that threaten our public safety and national security. The actions highlighted today, which represent a continuing trend of cyber criminal activity emanating from Iran, were particularly threatening, as they targeted public safety institutions, including U.S. hospital systems and governmental entities. The FBI, with the assistance of our private sector and U.S. government partners, are sending a strong message that we will work together to investigate and hold all criminals accountable.”