United States indicts two Iranians whose virus halted the work of Atlanta




Source: AP 2018

The cybercriminals' actions paralyzed the work of entire cities, which, according to the prosecutor, constitutes an "encroachment" on the American way of life.

Money is not important

The United States Department of Justice has indicted two Iranian citizens accused of large-scale cyberattacks. Faramarz Shahi Sawandi and Mohammad Mehdi Shah Mansuri are responsible for creating the SamSam ransomware.

The Iranians could have obtained $6 million from 200 victims, including not only ordinary users but also entire US cities, Atlanta and Newark.

Because of this incident, the Treasury Department had to impose sanctions on bitcoin wallets for the first time, since all the funds the hackers received as ransom were stored in them.

SamSam began infecting computers in 2015, specializing in attacks on hospitals and infrastructure. Like other ransomware, SamSam locked the user's computer and demanded a ransom in bitcoin for decryption, sometimes reaching tens of thousands of dollars. According to the investigation, more than 7,000 transactions were recorded in the accused's wallet.

As U.S. Attorney Craig Carpenito stated, the main objective of Sawandi and Mansuri was not money:

They tried to harm our institutions and our critical infrastructure. They tried to attack our way of life.

One of the hackers' most notorious "cases" was the attack on Atlanta, Georgia, in March 2018. Core municipal functions were disrupted: for example, citizens could not pay their bills or use parking meters, because transactions could not pass through the infected network.

The Justice Department says Sawandi and Mansuri conducted cyberattacks in 43 US states, but does not disclose the number of people affected. Earlier, the media reported that the Indiana hospital Hancock Health had decided to pay the fraudsters $55,000 to unlock its computers.

Unfortunately, as often happens in such cases, the criminals cannot be brought to justice: they have not been arrested yet.

"Although the defendants are in Iran and out of reach of US law enforcement, they could be arrested while traveling. The United States is already exploring other ways to obtain compensation for the damage," says the Justice Department press release.

Hackers target cities

As Andrei Ermilov, an expert at ESET Russia's technical assistance service, explained, SamSam is not so much a virus as a series of targeted attacks on organizations with vulnerabilities in their networks. The attackers searched for such networks and got in over RDP [Remote Desktop Protocol – Gazeta.Ru]. After that, the second act began, in which they obtained domain administrator rights. For this, a whole combination of tools was used, including the well-known Mimikatz. Having obtained administrator rights, the attackers completed the attack by deploying the encryptors on all computers on the network:

At the same time, the infection looked more like a normal installation of legitimate software. Having completed the third act, they began demanding money for access to the files. This is very similar to a raider takeover of an organization, except that here the goal is to get a ransom.
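The three acts described above leave a recognizable trail in Windows logon events. The following is an added example, not code from the article or from ESET: it correlates an RDP logon from outside the network with a later fan-out of network logons from the entry host. The event tuples, internal address range, host inventory, account names and thresholds are constructed assumptions; event ID 4624 and logon types 10 and 3 are the standard Windows values.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")   # assumed internal address range
HOST_IP = {"GW01": "10.0.0.5"}        # assumed inventory: host name -> internal IP
RDP, NETWORK = 10, 3                  # 4624 LogonType: RemoteInteractive, Network
FANOUT = 3                            # assumed threshold of distinct hosts reached
WINDOW = timedelta(hours=2)           # assumed correlation window

# Constructed sample: (time, host, event id, logon type, account, source IP)
EVENTS = [
    ("2024-01-10T01:02:00", "GW01", 4624, RDP, "helpdesk", "203.0.113.7"),
    ("2024-01-10T01:30:00", "FS01", 4624, NETWORK, "da_admin", "10.0.0.5"),
    ("2024-01-10T01:31:00", "DB01", 4624, NETWORK, "da_admin", "10.0.0.5"),
    ("2024-01-10T01:32:00", "HR01", 4624, NETWORK, "da_admin", "10.0.0.5"),
    ("2024-01-10T09:00:00", "FS01", 4624, RDP, "alice", "10.0.3.20"),
    ("2024-01-10T09:05:00", "DB01", 4624, NETWORK, "alice", "10.0.3.20"),
]

def parse(events):
    """Convert raw tuples to typed rows, ordered by time."""
    return sorted(((datetime.fromisoformat(ts), host, eid, lt, acct, ip_address(src))
                   for ts, host, eid, lt, acct, src in events), key=lambda r: r[0])

def find_chains(events, fanout=FANOUT, window=WINDOW):
    """Alert on an external RDP logon followed by fan-out from the entry host."""
    rows = parse(events)
    alerts = []
    for t0, entry, eid, ltype, acct, src in rows:
        if eid != 4624 or ltype != RDP or src in INTERNAL:
            continue                       # keep only RDP logons from outside
        pivot = HOST_IP.get(entry)
        if pivot is None:
            continue                       # unknown host: nothing to correlate
        reached = defaultdict(set)         # account -> hosts it logged on to
        for t, host, e, lt, a, s in rows:
            if (e == 4624 and lt == NETWORK and str(s) == pivot
                    and t0 <= t <= t0 + window):
                reached[a].add(host)
        for a, hosts in reached.items():
            if len(hosts) >= fanout:       # one account touching many hosts
                alerts.append({"entry_host": entry, "rdp_source": str(src),
                               "rdp_account": acct, "fanout_account": a,
                               "hosts": sorted(hosts)})
    return alerts

if __name__ == "__main__":
    print(find_chains(EVENTS))
```

The account that fans out differs from the one that logged on over RDP, which is what the privilege-escalation step in the second act would look like in these logs.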

Check Point specialists described the SamSam ransomware back in 2016. It can be delivered to a computer in different ways. One of them exploits a Windows vulnerability and does not require the user to open an infected file or follow a link.

Attackers can launch the ransomware remotely after detecting an unpatched vulnerability on a server and penetrating the network. After penetration, the ransomware uses the same vulnerabilities to spread across the local network and infect other devices.

This is not the first time such attacks have been a problem for urban systems. In 2016, attackers hit the San Francisco Municipal Transportation Agency (SFMTA) and disrupted the subway turnstiles, causing the city serious losses. The most recent example is from November 28: because of cyberattacks on its servers, the Moscow cable car was forced to stop carrying passengers.

"This shows that cyberattacks can not only cause serious financial damage but also have a negative impact on the life of an entire city. Considering that the entire urban infrastructure (public services, hospitals, transport, etc.) is gradually being connected to the network, it is necessary to work on preventing threats rather than eliminating their consequences," said Nikita Durov, technical director of Check Point Software Technologies in Russia and the CIS.
