Three Iranian nationals charged with hacking into US-based computer networks sent ransom demands to the printers of at least some of their victims, according to an indictment unsealed today. The ransom demands allegedly sought payment in exchange for BitLocker decryption keys that the victims could use to regain access to their data.
The three defendants remain at large and outside the US, the DOJ said.
“The defendants’ hacking campaign exploited known vulnerabilities in commonly used network devices and software applications to gain access and exfiltrate data and information from victims’ computer systems,” the US Department of Justice said in a press release. Defendants Mansour Ahmadi, Ahmad Khatibi, Amir Hossein Nickaein “and others also conducted encryption attacks against victims’ computer systems, denying victims access to their systems and data unless a ransom payment was made.”
The indictment in US District Court for the District of New Jersey describes several incidents in which ransom demands were sent to printers on hacked networks. In one case, a printed message sent to an accounting firm allegedly said, “We will sell your data if you decide not to pay or try to recover them.”
In another incident, the indictment said a Pennsylvania-based domestic violence shelter hacked in December 2021 received a message on its printers that said, “Hi. Do not take any action for recovery. Your files may be corrupted and not recoverable. Just contact us.”
Khatibi later “sent an email to a representative of the Domestic Violence Shelter asking for payment of 1 Bitcoin,” the indictment said. The shelter ultimately paid the equivalent of $13,000 to the hacker’s Bitcoin wallet, the indictment said, adding that Khatibi then “provided decryption keys to enable the Domestic Violence Shelter to restore access to its systems and data.”
Before sending the ransom demand, “a member of the conspiracy gained unauthorized access to the Domestic Violence Shelter’s computer system and launched an encryption attack by activating BitLocker, thereby denying the Domestic Violence Shelter access to some of its systems and data,” the indictment said. BitLocker is an encryption tool used in Windows.
“YOU HAVE TO CONTACT US IMMEDIATELY”
Victims included small businesses, government agencies, nonprofit programs, educational and religious institutions, and “multiple critical infrastructure sectors, including health care centers, transportation services and utility providers,” the DOJ press release said. The three indicted hackers and co-conspirators “collected payments in Bitcoin and other cryptocurrencies from certain victims that paid the ransom to decrypt their data,” the indictment said.
The Iranians hacked networks in several countries, “gain[ing] unauthorized access to the computer systems of hundreds of victims in the United States, the United Kingdom, Israel, Iran, and elsewhere,” the DOJ said. The US agency accused Iran’s government of “creat[ing] a safe haven where cyber criminals acting for personal gain flourish and defendants like these are able to hack and extort victims, including critical infrastructure providers.”
In April 2021, “Nickaein sent a ransom demand communication to the printers” of an Illinois company called “Accounting Firm 2,” the indictment said. The ransom demand allegedly instructed the firm to contact an email account controlled by Nickaein and included the following text:
Hello!
IF YOU ARE READING THIS, IT MEANS YOUR DATA IS ENCRYPTED AND YOUR PRIVATE SENSITIVE INFORMATION IS STOLEN!
READ CAREFULLY THE WHOLE INSTRUCTIONS TO AVOID ANY PROBLEMS
YOU HAVE TO CONTACT US IMMEDIATELY TO RESOLVE THIS ISSUE AND MAKE A DEAL!
…
We will sell your data if you decide not to pay or try to recover them.
Before sending the ransom demand, Nickaein hacked into the company’s network, “stole data, and launched an encryption attack using BitLocker, thereby denying Accounting Firm 2 access to certain of its systems and data,” the indictment said.
This is not the first hacking campaign to use the tactic, sometimes referred to as “print bombing,” of sending ransom demands to printers on the infected network.