- The Justice Department charged 3 Iranian men with hacking hundreds of U.S. computers.
- The suspects allegedly extorted ransom in exchange for returning access to computer systems.
- Victims included local governments, accounting firms and a domestic violence shelter.
WASHINGTON – The Justice Department announced charges Wednesday against three Iranian men accused of hacking into hundreds of U.S. computer systems, encrypting data and extorting people for ransom.
Victims of the scheme included a township in Union County, New Jersey, and a county government in Wyoming; accounting firms in New Jersey and Illinois; power companies in Indiana and Mississippi; a Washington state housing authority; and a Pennsylvania domestic violence shelter, according to the indictment.
The three men are in Iran and are not in custody. But officials familiar with the investigation who spoke on condition of anonymity said the charges are intended to limit their employment, training and travel outside Iran, and they could be tried if ever taken into custody. The indictment doesn’t implicate the Iranian government.
FBI Director Christopher Wray said hackers might feel safe in anonymity behind their keyboards, but they are wrong and can be identified.
“The FBI is coming after them, and we’re doing it with the full force of our law enforcement and intelligence partners in the U.S. and overseas,” Wray said. “These three individuals are among a group of cybercriminals whose attacks represent a direct assault on critical infrastructure and public services we all depend on.”
The charges come as the Justice Department bolsters its investigations involving cybersecurity and ransomware against what officials warned business executives in June 2021 could be an exponential increase in hacking attacks.
Then, the department announced it had recovered the majority of $4.4 million extorted from Colonial Pipeline in a ransomware attack, which hindered fuel deliveries. In November 2021, the department announced charges against two Russians who are accused of writing and unleashing ransomware.
The Iranian suspects named in the indictment are Mansour Ahmadi, Ahmad Khatibi Aghda and Amir Hossein Nickaein Ravari. The four counts charged in the indictment are conspiracy to commit fraud in connection with computers, two counts of intentionally damaging a protected computer and transmitting a demand in relation to damaging a computer.
The scheme ran from October 2020 to August 2022. In some cases, the victims paid ransoms in bitcoin. Federal authorities haven’t recovered the bitcoin or frozen any bitcoin accounts, as they have in other cases in recent years. Officials couldn’t estimate how much in total was extorted.
According to the indictment, examples of the hacking attacks include:
- A domestic violence shelter lost access to its computer system in December 2021 after hackers encrypted its data and activated a program called BitLocker. “Your files may be corrupted and not recoverable. Just contact us,” said a message sent to the shelter’s printer. The shelter recovered its data after paying $13,000 in bitcoin ransom.
- A housing authority lost access to its data and had data stolen after a similar attack in January 2022. An email from hackers to the housing authority threatened to sell the data, as they had in another case for $500,000. “I want this to end, and if you do not want to pay, let me know so that I can make money by selling data,” the email said.
- An accounting firm had data stolen in February 2022. The hackers emailed the firm and said they had locked more than 20 computer systems and asked for $50,000. “Are you ready to pay?” the message asked.
Wray thanked victims of the crimes for helping the FBI understand the vulnerabilities the hackers exploited.
“Today’s announcement is just the tip of the iceberg,” Wray said. “We’ve prepared a host of other actions I can’t talk about quite yet, but that were designed and sequenced in conjunction with this indictment to make a big dent in the threat.”