Three Iranian nationals charged with hacking into US-based computer networks sent ransom demands to the printers of at least some of their victims, according to an indictment unsealed today. The ransom demands allegedly sought payments in exchange for BitLocker decryption keys that the victims could use to regain access to their data.
The three defendants remain at large and outside the US, the DOJ said.
“The defendants’ hacking campaign exploited known vulnerabilities in commonly used network devices and software applications to gain access and exfiltrate data and information from victims’ computer systems,” the US Department of Justice said in a press release. Defendants Mansour Ahmadi, Ahmad Khatibi, and Amir Hossein Nickaein “and others also conducted encryption attacks against victims’ computer systems, denying victims access to their systems and data unless a ransom payment was made.”
The indictment in US District Court for the District of New Jersey describes several incidents in which ransom demands were sent to printers on hacked networks. In one case, a printed message sent to an accounting firm allegedly said, “We will sell your data if you decide not to pay or try to recover them.”
In another incident, the indictment said, a Pennsylvania-based domestic violence shelter hacked in December 2021 received a message on its printers that said, “Hi. Do not take any action for recovery. Your files may be corrupted and not recoverable. Just contact us.”
Khatibi later “sent an email to a representative of the Domestic Violence Shelter asking for payment of one Bitcoin,” the indictment said. The shelter ultimately paid the equivalent of $13,000 to the hacker’s Bitcoin wallet, the indictment said, adding that Khatibi then “provided decryption keys to enable the Domestic Violence Shelter to restore access to its systems and data.”
Before sending the ransom demand, “a member of the conspiracy gained unauthorized access to the Domestic Violence Shelter’s computer system and launched an encryption attack by activating BitLocker, thereby denying the Domestic Violence Shelter access to some of its systems and data,” the indictment said. BitLocker is the disk encryption feature built into Windows.
“YOU HAVE TO CONTACT US IMMEDIATELY”
Victims included small businesses, government agencies, nonprofit programs, educational and religious institutions, and “multiple critical infrastructure sectors, including health care centers, transportation services and utility providers,” the DOJ press release said. The three indicted hackers and co-conspirators “collected payments in Bitcoin and other cryptocurrencies from certain victims that paid the ransom to decrypt their data,” the indictment said.
The Iranians hacked networks in several countries, “gain[ing] unauthorized access to the computer systems of hundreds of victims in the United States, the United Kingdom, Israel, Iran, and elsewhere,” the DOJ said. The US agency accused Iran’s government of “creat[ing] a safe haven where cyber criminals acting for personal gain flourish and defendants like these are able to hack and extort victims, including critical infrastructure providers.”
In April 2021, “Nickaein sent a ransom demand communication to the printers” of an Illinois company referred to as “Accounting Firm 2,” the indictment said. The ransom demand allegedly told the firm to contact an email account controlled by Nickaein and included the following text:
IF YOU ARE READING THIS, IT MEANS YOUR DATA IS ENCRYPTED AND YOUR PRIVATE SENSITIVE INFORMATION IS STOLEN!
READ CAREFULLY THE WHOLE INSTRUCTIONS TO AVOID ANY PROBLEMS
YOU HAVE TO CONTACT US IMMEDIATELY TO RESOLVE THIS ISSUE AND MAKE A DEAL!
We will sell your data if you decide not to pay or try to recover them.
Before sending the ransom demand, Nickaein hacked into the company’s network, “stole data, and launched an encryption attack using BitLocker, thereby denying Accounting Firm 2 access to certain of its systems and data,” the indictment said.
This isn’t the first hacking campaign to use the tactic, sometimes called “print bombing,” of sending ransom demands to printers on the compromised network.