Iranians hacked US companies, sent ransom demands to printers, indictment says

Illustration of a hooded figure in a dark room typing on a laptop. In the background, the wall is covered in ones and zeroes.

Getty Images | Bill Hinton

Three Iranian nationals charged with hacking into US-based computer networks sent ransom demands to the printers of at least some of their victims, according to an indictment unsealed today. The ransom demands allegedly sought payments in exchange for BitLocker decryption keys that the victims could use to regain access to their data.

The three defendants remain at large and outside the US, the DOJ said.

“The defendants’ hacking campaign exploited known vulnerabilities in commonly used network devices and software applications to gain access and exfiltrate data and information from victims’ computer systems,” the US Department of Justice said in a press release. Defendants Mansour Ahmadi, Ahmad Khatibi, Amir Hossein Nickaein “and others also conducted encryption attacks against victims’ computer systems, denying victims access to their systems and data until a ransom payment was made.”

The indictment in US District Court for the District of New Jersey describes several incidents in which ransom demands were sent to printers on hacked networks. In one case, a printed message sent to an accounting firm allegedly said, “We will sell your data if you decide not to pay or try to recover them.”

In another incident, the indictment said a Pennsylvania-based domestic violence shelter hacked in December 2021 received a message on its printers that said, “Hi. Do not take any action for recovery. Your files may be corrupted and not recoverable. Just contact us.”

Khatibi later “sent an email to a representative of the Domestic Violence Shelter asking for payment of one Bitcoin,” the indictment said. The shelter eventually paid the equivalent of $13,000 to the hacker’s Bitcoin wallet, the indictment said, adding that Khatibi then “delivered decryption keys to enable the Domestic Violence Shelter to restore access to its systems and data.”

Before sending the ransom demand, “a member of the conspiracy gained unauthorized access to the Domestic Violence Shelter’s computer system and launched an encryption attack by activating BitLocker, thereby denying the Domestic Violence Shelter access to some of its systems and data,” the indictment said. BitLocker is the full-volume encryption feature built into Windows; an attacker with administrative access can turn it on against the owner and keep the only copy of the recovery key.
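The indictment says only that the attackers “activat[ed] BitLocker”; it does not describe how. The following PowerShell is an added example written for this article, not code from the indictment, the DOJ, or Ars Technica. It shows the check a Windows administrator can run to see whether the state described above has occurred or could occur: it inventories every BitLocker volume, lists the key protectors on each, tries to escrow each recovery password to Active Directory, and flags any volume that is encrypting or protected without a recovery password the organisation can retrieve. It assumes an elevated session on Windows with the BitLocker module available; the escrow step assumes a domain-joined host whose policy permits backing up recovery information to AD. A check like this cannot stop an administrator-level intruder from adding protectors; it makes an unexpected BitLocker state visible before a ransom note arrives on the printer.

```powershell
# Added example (not from the article or the indictment): inventory BitLocker
# state on a Windows host and flag volumes whose recovery key the organisation
# does not control. Assumes an elevated session with the BitLocker module;
# Backup-BitLockerKeyProtector assumes a domain-joined host with AD escrow allowed.

$report = foreach ($vol in Get-BitLockerVolume) {
    $protectors = @($vol.KeyProtector)
    $types      = ($protectors | ForEach-Object KeyProtectorType) -join ','

    # Recovery passwords are the protector type an organisation can retrieve
    # later; TPM, PIN or password protectors only help whoever configured them.
    $recovery      = @($protectors | Where-Object KeyProtectorType -eq 'RecoveryPassword')
    $escrowedCount = 0

    foreach ($rp in $recovery) {
        try {
            # Write the recovery password for this protector into the computer
            # object in Active Directory so the help desk can unlock the volume.
            Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint `
                -KeyProtectorId $rp.KeyProtectorId -ErrorAction Stop | Out-Null
            $escrowedCount++
        } catch {
            Write-Warning ("Could not escrow recovery password {0} for {1}: {2}" -f `
                $rp.KeyProtectorId, $vol.MountPoint, $_.Exception.Message)
        }
    }

    # A volume that is encrypting, or already encrypted with protection on, but
    # has no recovery password the organisation holds is the situation the
    # victims in the indictment were in: data locked behind a key only the
    # attacker possesses.
    $locked = ($vol.VolumeStatus -ne 'FullyDecrypted') -or ($vol.ProtectionStatus -eq 'On')

    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        VolumeStatus     = $vol.VolumeStatus      # FullyDecrypted, EncryptionInProgress, FullyEncrypted, ...
        ProtectionStatus = $vol.ProtectionStatus  # On or Off
        Protectors       = $types
        RecoveryKeys     = $recovery.Count
        EscrowedToAD     = $escrowedCount
        Suspicious       = $locked -and ($escrowedCount -lt 1)
    }
}

$report | Format-Table -AutoSize

# Exit non-zero so a scheduled task or EDR script can alert on the result.
if ($report | Where-Object Suspicious) { exit 1 } else { exit 0 }
```

Run it on a schedule and compare the `Protectors` column against the baseline your deployment tooling created: a new `RecoveryPassword` or `Password` protector that nobody on the team added, or a data volume that moved from `FullyDecrypted` to `EncryptionInProgress` outside a change window, is the signal to pull the machine off the network and check `manage-bde` activity in the BitLocker event logs.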

“YOU HAVE TO CONTACT US IMMEDIATELY”

Victims included small businesses, government agencies, nonprofit programs, educational and religious institutions, and “multiple critical infrastructure sectors, including health care centers, transportation services and utility providers,” the DOJ press release said. The three indicted hackers and co-conspirators “collected payments in Bitcoin and other cryptocurrencies from certain victims that paid the ransom to decrypt their data,” the indictment said.

The Iranians hacked networks in several countries, “gain[ing] unauthorized access to the computer systems of hundreds of victims in the United States, the United Kingdom, Israel, Iran, and elsewhere,” the DOJ said. The US agency accused Iran’s government of “creat[ing] a safe haven where cyber criminals acting for personal gain flourish and defendants like these are able to hack and extort victims, including critical infrastructure providers.”

In April 2021, “Nickaein sent a ransom demand communication to the printers” of an Illinois company referred to as “Accounting Firm 2,” the indictment said. The ransom demand allegedly told the company to contact an email account controlled by Nickaein and included the following text:

Hello!

IF YOU ARE READING THIS, IT MEANS YOUR DATA IS ENCRYPTED AND YOUR PRIVATE SENSITIVE INFORMATION IS STOLEN!

READ CAREFULLY THE WHOLE INSTRUCTIONS TO AVOID ANY PROBLEMS

YOU HAVE TO CONTACT US IMMEDIATELY TO RESOLVE THIS ISSUE AND MAKE A DEAL!

We will sell your data if you decide not to pay or try to recover them.

Before sending the ransom demand, Nickaein hacked into the firm’s network, “stole data, and launched an encryption attack using BitLocker, thereby denying Accounting Firm 2 access to certain of its systems and data,” the indictment said.

This is not the first hacking campaign to use the tactic, sometimes referred to as “print bombing,” of sending ransom demands to printers on the compromised network. Network printers typically accept unauthenticated jobs on TCP port 9100, so anyone with a foothold on the internal network can push a page to every printer at once.