Hackers indicted in SamSam ransomware attacks on Allscripts, hospitals

A grand jury in New Jersey has indicted two Iranian hackers in connection with the ransomware campaign that crippled more than 200 organizations, including Allscripts and several hospitals, universities and cities, according to an ABC 7 report. The men are still at large.

Here are seven things to know:

1. The U.S. indictment, unsealed Nov. 28, accuses Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri of operating what authorities called "an extreme form of 21st century digital blackmail," by infecting several victims' computers with the SamSam ransomware.

2. Allscripts was one of the hackers' victims. The Chicago-based medical records company was hit with a cyberattack in mid-January that blocked several hospital clients' access to their EHRs. Allscripts currently faces a class-action federal lawsuit alleging it didn't sufficiently monitor its cloud-based data systems to protect its clients' data from the attack.

3. Five other healthcare-related entities were affected by the ransomware campaign: Wichita-based Kansas Heart; Los Angeles-based Hollywood Presbyterian Medical Center; LabCorp; Columbia, Md.-based MedStar Health; and Omaha-based OrthoNebraska Hospital.

4. Several cities, including Atlanta and Newark, were also victimized by the hackers. SamSam is a ransomware variant that targets servers rather than tricking users into clicking on infected files. The ransomware then encrypts users' files and demands a ransom payment to unlock them and return the systems to normal.

5. The indictment alleges that the hackers developed the ransomware in 2015 and began launching attacks in 2017 by scanning for computer network vulnerabilities they could exploit to gain entry. The attacks would be launched before or after regular business hours to make them more difficult to detect and fight.

6. Although FBI officials warn organizations never to pay the ransom, victims paid the Iranian hackers more than $6 million and suffered more than $30 million in losses from lack of access to their data.

7. The hackers, Mr. Savandi and Mr. Mansouri, are named in FBI arrest warrants.


© Copyright ASC COMMUNICATIONS 2018.