A trio of Iranian nationals hacked into the computer systems of hundreds of victims in the U.S. and around the world, shaking down utility companies, local governments and even a shelter for victims of domestic violence, federal prosecutors said Wednesday.
Since October 2020, Mansour Ahmadi, Ahmad Khatibi Aghda and Amir Hossein Nickaein Ravari have “engaged in a scheme to gain unauthorized access to the computer systems of hundreds of victims in the United States, the United Kingdom, Israel, Iran, Russia and elsewhere, causing damage and loss,” the Justice Department alleged in an indictment filed in federal court in New Jersey.
The three preyed upon organizations in the critical infrastructure sector, including health care centers, transportation services and utility providers, as well as “small businesses, government agencies, non-profit programs, and educational and religious institutions,” said the indictment, which was unsealed Wednesday.
Using commercially available encryption software known as BitLocker, they locked up the computer systems of some victims with ransomware and demanded money to unlock them, prosecutors said.
Victims listed in the indictment include a township municipality in Union County, New Jersey, accounting firms in Illinois and New Jersey, power companies based in Mississippi and Indiana, a housing authority in Washington state, a county government in Wyoming and a domestic violence shelter in Pennsylvania.
The shelter wound up paying $13,000 in ransom to recover its data, the indictment said. It doesn’t specify how many other victims paid.
FBI Director Christopher Wray has said the three also targeted companies and entities in Iran, “demonstrating that few targets were off-limits.” While investigators said they don’t believe the three were working with the Iranian government, the Treasury Department said in a news release that they were part of a group of cyber actors affiliated with the Islamic Revolutionary Guard Corps and announced sanctions against them.
The State Department is offering up to $10 million for information about the three men, who authorities believe are residing in Iran.
In a video statement, Wray also announced that a joint cybersecurity advisory will be released by law enforcement agencies in the U.S. and abroad, including Canada and Australia, to reduce the impact of future cyber threats linked to the Revolutionary Guards, who have been known to launch such attacks worldwide, some of them on critical infrastructure.
“These steps will also show those responsible for these unconscionable attacks that if you try to hold our critical infrastructure for ransom, if you try to disrupt the way Americans live their daily lives, you’re going to be facing the full force of the U.S. government and its allies, and we will do everything in our power to bring you to justice,” Wray said.
He also said the U.S. has developed further actions “designed and sequenced in conjunction with this indictment to make a big dent in the threat.”
Tom Winter contributed.