Two Iranians Indicted for Port of San Diego Ransomware Attack

Two Iranian nationals have been indicted by the U.S. Department of Justice over a 34-month-long series of ransomware attacks targeting over 200 entities, including most recently the Port of San Diego.

The six-count indictment alleges that Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, acting from Iran, deployed malware they had authored, known as SamSam Ransomware, on the computers of hospitals, municipalities, and public institutions, resulting in the encryption of data.

According to the indictment, Savandi and Mansouri would then extort victim entities by demanding a ransom paid in the virtual currency Bitcoin in exchange for decryption keys for the encrypted data, collecting over USD 6 million in ransom payments to date.

“The Iranian defendants allegedly used hacking and malware to cause more than USD 30 million in losses to more than 200 victims,” said Deputy Attorney General Rosenstein.

“According to the indictment, the hackers infiltrated computer systems in 10 states and Canada and then demanded payment. The criminal activity harmed state agencies, city governments, hospitals, and countless innocent victims.”

As World Maritime News reported earlier, the Port of San Diego reported the ransomware attack in September this year. State investigation authorities were called in to look into the matter.

As disclosed by the port, the cyber attack mainly impacted internal administrative functions, and services to the port’s tenants and stakeholders were generally uninterrupted.

In the first week of October, the port said it was open and handling vessels as usual.

Savandi and Mansouri are charged with one count of conspiracy to commit wire fraud, one count of conspiracy to commit fraud and related activity in connection with computers, two substantive counts of intentional damage to a protected computer and two substantive counts of transmitting a demand in relation to damaging a protected computer.