US indicts two Iranians over SamSam ransomware attacks


The hacking and extortion scheme took place over a 34-month period with the SamSam ransomware affecting over 200 organizations in the US and Canada


The United States Department of Justice (DOJ) unsealed indictments against two alleged Iranian hackers accused of being the miscreants behind the infamous SamSam ransomware attacks.

The six-count indictment named Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, both Iranian nationals, as being responsible for a computer hacking and extortion scheme that affected over 200 organizations, including hospitals and government agencies, in the US and Canada for almost three years.

According to the court document, the DOJ estimates that the alleged hackers amassed around $6 million from ransom payments, while at the same time causing just over $30 million in damages as a result of the attacks.

Some of the most notable cases involved attacks on the city of Atlanta, the city of Newark, the Port of San Diego and the Kansas Heart Hospital.

“The allegations in the indictment unsealed today—the first of its kind—outline an Iran-based international computer hacking and extortion scheme that engaged in 21st-century digital blackmail,” said Assistant Attorney General Brian A. Benczkowski in a statement. “These defendants allegedly used ransomware to infect the computer networks of municipalities, hospitals, and other key public institutions, locking out the computer owners, and then demanded millions of dollars in payments from them.”

The indictment revealed that Savandi and Mansouri were charged with “one count of conspiracy to commit wire fraud, one count of conspiracy to commit fraud and related activity in connection with computers, two substantive counts of intentional damage to a protected computer and two substantive counts of transmitting a demand in relation to damaging a protected computer.”

At a press conference, US Attorney Craig Carpenito was quoted by The Verge as telling reporters that Savandi and Mansouri “worked hard to identify the most vulnerable targets that they could,” and that they were not solely motivated by money; rather, “they’re seeking to harm our institutions and critical infrastructure. They’re trying to impact our way of life.”

________

For more on this story, please check out “City of Atlanta computers held hostage in ransomware attack” and “Atlanta’s ransomware attack: Police dashcam video archives lost forever.”

For more on ransomware that targets larger organizations, check out “Ransomware and the enterprise: A new white paper.”

 
