by Stephen E Reynolds et al.
Ice Miller LLP is an IMA Member
Hackers beware! In a high-profile indictment unsealed just
after Thanksgiving, prosecutors in the District of New Jersey charged two
Iranians with engaging in a three-year scheme to hack into the computer
networks of hospitals, schools, private companies, and government agencies to
extort millions of dollars in ransom payments. The indictment itself was hailed
by the Department of Justice as “the first-ever indictment against criminal
actors for deploying a for-profit ransomware, hacking, and extortion scheme.”
According to the indictment, the defendants perpetrated their alleged crimes while
in Iran. There, they engaged in an extensive conspiracy to extort millions
of dollars from hospitals and municipalities across the country by hacking into
computer systems and crippling critical infrastructure. Specifically,
according to the indictment, from December 2015 until November 2018, the
defendants created their own malicious software, called SamSam Ransomware, that
was designed to encrypt victims’ computers and backup systems until the hackers
received the millions they demanded in ransom, at which point they would provide a key to
unlock the frozen systems. Before targeting certain networks, the defendants
first conducted extensive reconnaissance to assess the vulnerabilities of their
victims’ systems. After selecting their targets, the defendants launched the
malware, which was disguised to appear like legitimate network activity, on
multiple computer networks, crippling their victims’ ability to conduct
business. The defendants then demanded the victims pay them ransom or face
losing their data permanently.
Overall, the defendants victimized more than 200 entities and collected more
than $6 million in ransom payments—paid largely in Bitcoin, a type of virtual
currency circulated over the Internet as a form of value. Their
victims—who included the City of Atlanta, the City of Newark, and multiple
health care facilities—suffered more than $30 million in additional losses as a
result of their inability to access their data.
In a related action, the Treasury Department’s Office of Foreign Assets Control
(OFAC) sanctioned two other Iranians for allegedly helping the hackers convert
their ill-gotten gains from Bitcoin into Iranian currency. Both the indictment
and OFAC’s sanctions represent a concerted effort by the United States
government to crack down on cybercrime and expose cybercriminals. However, for
the moment, the defendants themselves remain beyond the reach of the American
courts. They are believed to be residing in Iran.
Ransomware attacks like the one charged in the recent indictment pose a constant
threat to hospitals, municipalities, and governmental organizations. Businesses
must remain constantly vigilant in their efforts to ward off cyberattacks. It
is also critical that companies that have been victimized by hackers work with
law enforcement to gather as much information as possible about the attack and
the attackers, as soon as possible.
Members of Ice Miller’s Data Privacy and Security Team routinely cooperate and
coordinate with law enforcement to protect their clients and help bring the
perpetrators of these costly attacks to justice. For example, attorneys at the
Firm are members of the Chicago Economic Crimes Task Force, which is a
coordinated effort between the United States Secret Service, the larger law
enforcement community, members of the private sector, and members of academia
working together to combat cybercrime through information sharing, coordinated
investigations, technical expertise, and training. Attorneys are also
members of InfraGard, a similar partnership between the FBI and the private
sector designed to facilitate the flow of information and protect critical
infrastructure.