Skip to main content
IMA Executive News & Views Blog

Are You a Cyber Target? Yes! Cyber Hacker Indictments Show Vulnerabilities in Key Systems

by Stephen E Reynolds et al.

Ice Miller LLP is an IMA Member

Hackers beware! In a high profile indictment unsealed just after Thanksgiving, prosecutors in the District of New Jersey charged two Iranians with engaging in a three-year scheme to hack into the computer networks of hospitals, schools, private companies, and government agencies to extort millions of dollars in ransom payments. The indictment itself was hailed by the Department of Justice as “the first-ever indictment against criminal actors for deploying a for-profit ransomware, hacking, and extortion scheme.” See the remarks here.
According to the indictment, the defendants perpetrated their alleged crimes while in Iran. There, they engaged in an extensive conspiracy to extort millions of dollars from hospitals and municipalities across the country by hacking into computer systems and crippling critical infrastructure. Specifically, according to the indictment, from December 2015 until November 2018, the defendants created their own malicious software, called SamSam Ransomware, that was designed to encrypt victims’ computers and backup systems until the hackers received millions in ransom demands, at which point they would provide a key to unlock the frozen systems. Before targeting certain networks, the defendants first conducted extensive reconnaissance to assess the vulnerabilities of their victims’ systems. After selecting their targets, the defendants launched the malware, which was disguised to appear like legitimate network activity, on multiple computer networks, crippling their victims’ ability to conduct business. The defendants then demanded the victims pay them ransom or face losing their data permanently. 
Overall, the defendants victimized more than 200 entities and collected more than $6 million in ransom payments—paid largely in Bitcoin, a type of virtual currency circulated over the Internet as a form of value. Their victims—who included the City of Atlanta, the City of Newark, and multiple health care facilities—suffered more than $30 million in additional losses as a result of their inability to access their data.
In a related action, the Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned two other Iranians for allegedly helping the hackers convert their ill-gotten gains from Bitcoin into Iranian currency. Both the indictment and OFAC’s sanctions represent a concerted effort by the United States government to crackdown on cybercrime and expose cybercriminals. However, for the moment, the defendants themselves remain beyond the reach of the American courts. They are believed to be residing in Iran. 
Ransomware attacks like the one charged in the recent indictment pose a constant threat to hospitals, municipalities, and governmental organizations. Businesses must remain constantly vigilant in their efforts to ward off cyberattacks. It is also critical that companies who have been victimized by hackers work with law enforcement to gather as much information about the attack and the attackers as soon as possible.   
Members of Ice Miller’s Data Privacy and Security Team routinely cooperate and coordinate with law enforcement to protect their clients and help bring the perpetrators of these costly attacks to justice. For example, attorneys at the Firm are members of the Chicago Economic Crimes Task Force, which is a coordinated effort between the United States Secret Service, the larger law enforcement community, members of the private sector, and members of academia working together to combat cybercrime through information sharing, coordinated investigations, technical expertise, and training. Attorneys are also members of InfraGard, a similar partnership between the FBI and the private sector designed to facilitate the flow of information and protect critical infrastructure.

To view the original article, click here.