May 24, 2024


My Anti-Drug Is Computer

Iranians hacked US companies, sent ransom demands to printers, indictment says


Three Iranian nationals charged with hacking into US-based computer networks sent ransom demands to the printers of at least some of their victims, according to an indictment unsealed today. The ransom demands allegedly sought payments in exchange for BitLocker decryption keys that the victims could use to regain access to their data.

The three defendants remain at large and outside the US, the DOJ said.

“The defendants’ hacking campaign exploited known vulnerabilities in commonly used network devices and software applications to gain access and exfiltrate data and information from victims’ computer systems,” the US Department of Justice said in a press release. Defendants Mansour Ahmadi, Ahmad Khatibi, Amir Hossein Nickaein “and others also executed encryption attacks against victims’ computer systems, denying victims access to their systems and data unless a ransom payment was made.”

The indictment in US District Court for the District of New Jersey describes a few incidents in which ransom demands were sent to printers on hacked networks. In one case, a printed message sent to an accounting firm allegedly said, “We will sell your data if you decide not to pay or try to recover them.”

In another incident, the indictment said a Pennsylvania-based domestic violence shelter hacked in December 2021 received a message on its printers that said, “Hello. Do not take any action for recovery. Your files may be corrupted and not recoverable. Just contact us.”

Khatibi later “sent an email to a representative of the Domestic Violence Shelter asking for payment of one Bitcoin,” the indictment said. The shelter ultimately paid the equivalent of $13,000 to the hacker’s Bitcoin wallet, the indictment said, adding that Khatibi then “provided decryption keys to enable the Domestic Violence Shelter to restore access to its systems and data.”

Before sending the ransom demand, “a member of the conspiracy gained unauthorized access to the Domestic Violence Shelter’s computer system and launched an encryption attack by activating BitLocker, thereby denying the Domestic Violence Shelter access to some of its systems and data,” the indictment said. BitLocker is an encryption tool used in Windows.


Victims included small businesses, government agencies, nonprofit programs, educational and religious institutions, and “multiple critical infrastructure sectors, including health care centers, transportation services and utility providers,” the DOJ press release said. The three indicted hackers and co-conspirators “collected payments in Bitcoin and other cryptocurrencies from certain victims that paid the ransom to decrypt their data,” the indictment said.

The Iranians hacked networks in several countries, “gain[ing] unauthorized access to the computer systems of hundreds of victims in the United States, the United Kingdom, Israel, Iran, and elsewhere,” the DOJ said. The US agency accused Iran’s government of “creat[ing] a safe haven where cyber criminals acting for personal gain flourish and defendants like these are able to hack and extort victims, including critical infrastructure providers.”

In April 2021, “Nickaein sent a ransom demand communication to the printers” of an Illinois company referred to as “Accounting Firm 2,” the indictment said. The ransom demand allegedly told the company to contact an email account controlled by Nickaein and included the following text:


IF YOU ARE READING THIS, IT MEANS YOUR DATA IS ENCRYPTED AND YOUR PRIVATE SENSITIVE INFORMATION IS STOLEN!

READ CAREFULLY THE WHOLE INSTRUCTIONS TO AVOID ANY PROBLEMS

YOU HAVE TO CONTACT US IMMEDIATELY TO RESOLVE THIS ISSUE AND MAKE A DEAL!

We will sell your data if you decide not to pay or try to recover them.

Before sending the ransom demand, Nickaein hacked into the company’s network, “stole data, and launched an encryption attack using BitLocker, thereby denying Accounting Firm 2 access to certain of its systems and data,” the indictment said.

This is not the first hacking campaign to use the tactic, sometimes known as “print bombing,” of sending ransom demands to printers on the infected network.