Iranians indicted in Atlanta city government ransomware attack

The message posted to social media by the City of Atlanta in the wake of an apparent ransomware attack. (credit: City of Atlanta)

The US Attorney's Office for the Northern District of Georgia announced today that a federal grand jury had returned indictments against two Iranian nationals charged with executing the March 2018 ransomware attack that paralyzed Atlanta city government services for over a week. Faramarz Shahi Savandi and Mohammed Mehdi Shah Mansouri are accused of using the Samsam ransomware to encrypt data on 3,789 City of Atlanta computers, including servers and workstations, in an attempt to extort Bitcoin from Atlanta officials.

Details leaked by City of Atlanta employees during the ransomware attack, including screenshots of the demand message posted on city computers, indicated that Samsam-based malware was used. A Samsam variant was used in a number of ransomware attacks on hospitals in 2016, with attackers exploiting vulnerable Java Web services to gain access in several cases. In more recent attacks, including those on the health industry companies Hancock Health and Allscripts, other methods were used to gain access, including Remote Desktop Protocol compromises that gave the attackers direct access to Windows systems on the victims' networks.
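The RDP route mentioned above is worth a concrete detection. The following is an added example, not code from the article or from any organization it names: it scans Windows Security log logon events (Event ID 4625 for a failed logon, 4624 for a successful one, both with LogonType 10, the RemoteInteractive type used by RDP) for a burst of failures from one source address inside a short window, and flags a success from that same address while the failures are still recent, which is what a guessed RDP password looks like in the log. The event records, the threshold of five failures and the 60-second window are constructed assumptions for illustration.

```python
"""Flag RDP password guessing in Windows logon events (added example).

The events below are constructed for this example; they are not records
from the City of Atlanta or any other incident. Fields are a subset of
what a Security log exporter would emit for Event IDs 4624/4625.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

SAMPLE_EVENTS = [
    # A burst of failed RDP logons from one address, then a success:
    # the signature of a guessed password on an exposed RDP service.
    {"time": "2018-03-20T02:00:01", "id": 4625, "logon_type": 10, "src": "203.0.113.7", "user": "administrator"},
    {"time": "2018-03-20T02:00:03", "id": 4625, "logon_type": 10, "src": "203.0.113.7", "user": "admin"},
    {"time": "2018-03-20T02:00:05", "id": 4625, "logon_type": 10, "src": "203.0.113.7", "user": "backup"},
    {"time": "2018-03-20T02:00:06", "id": 4625, "logon_type": 10, "src": "203.0.113.7", "user": "svc_sql"},
    {"time": "2018-03-20T02:00:09", "id": 4625, "logon_type": 10, "src": "203.0.113.7", "user": "administrator"},
    {"time": "2018-03-20T02:00:12", "id": 4624, "logon_type": 10, "src": "203.0.113.7", "user": "administrator"},
    # A console logon failure (LogonType 2) is not RDP and must not count.
    {"time": "2018-03-20T02:00:13", "id": 4625, "logon_type": 2, "src": "-", "user": "jdoe"},
    # Scattered RDP failures from another address minutes apart: ordinary
    # typos, below the threshold, and the later success is not flagged.
    {"time": "2018-03-20T02:01:00", "id": 4625, "logon_type": 10, "src": "198.51.100.4", "user": "jdoe"},
    {"time": "2018-03-20T02:05:00", "id": 4625, "logon_type": 10, "src": "198.51.100.4", "user": "jdoe"},
    {"time": "2018-03-20T02:05:20", "id": 4624, "logon_type": 10, "src": "198.51.100.4", "user": "jdoe"},
]

RDP_LOGON_TYPE = 10      # RemoteInteractive: Terminal Services / RDP
FAILED_LOGON = 4625
SUCCESSFUL_LOGON = 4624


def parse_time(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S")


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Return {source_ip: alert} for addresses that produced at least
    `threshold` failed RDP logons within `window`.

    Each alert records when the burst began, how many failures were in the
    window when it was raised, and, if a successful RDP logon from the same
    address arrives while failures are still inside the window, the user
    name that logged in (`success_after`). That last case is the one to
    treat as a probable compromise rather than mere noise.
    """
    recent_failures = defaultdict(deque)   # src -> timestamps in the window
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):   # ISO times sort lexically
        if ev["logon_type"] != RDP_LOGON_TYPE:
            continue
        now = parse_time(ev["time"])
        src = ev["src"]
        queue = recent_failures[src]
        # Slide the window: forget failures older than `window`.
        while queue and now - queue[0] > window:
            queue.popleft()
        if ev["id"] == FAILED_LOGON:
            queue.append(now)
            if len(queue) >= threshold and src not in alerts:
                alerts[src] = {"first_seen": queue[0], "failures": len(queue), "success_after": None}
        elif ev["id"] == SUCCESSFUL_LOGON and queue and src in alerts:
            if alerts[src]["success_after"] is None:
                alerts[src]["success_after"] = ev["user"]
    return alerts


if __name__ == "__main__":
    for src, alert in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        severity = "COMPROMISE?" if alert["success_after"] else "brute force"
        print(f"{severity}: {src} {alert['failures']} RDP failures from "
              f"{alert['first_seen']}, success as {alert['success_after']!r}")
```

The per-source sliding window is what keeps ordinary mistyped passwords (spread over minutes) out of the alert while catching a dictionary run that fires several attempts a second; in a real deployment the source field is the `IpAddress` of the event, and the same logic can be keyed on the target account instead to catch password spraying from many addresses.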

The Atlanta attack was not a targeted state-sponsored attack. The attackers likely chose Atlanta based on a vulnerability scan. According to the indictment, the attackers offered the city the option of paying six Bitcoin (currently the equivalent of $22,500) to get keys to unlock all of the affected systems or 0.8 Bitcoin (about $3,000) for individual systems. "The ransom note directed the City of Atlanta to a particular Bitcoin address to pay the ransom and supplied a Web domain that was only accessible using a Tor browser," a Department of Justice spokesperson said in a statement. "The note suggested that the City of Atlanta could obtain the decryption key from that website." But within days of the attack, the Tor page became unreachable, and the City of Atlanta did not pay the ransom.
