From 2015 to 2018, a strain of ransomware known as SamSam paralyzed computer networks across North America and the UK. It caused more than $30m in damages to at least 200 entities, including the cities of Atlanta and Newark, the port of San Diego and Hollywood Presbyterian medical center in Los Angeles. It knocked out Atlanta’s water service requests and online billing systems, prompted the Colorado Department of Transportation to call in the national guard, and delayed medical appointments and treatments for patients nationwide whose electronic records couldn’t be retrieved. In return for restoring access to the files, the cyberattackers collected at least $6m in ransom.
“You just have 7 days to send us the BitCoin,” read the ransom demand to Newark. “After 7 days we will remove your private keys and it’s impossible to recover your files.”
At a press conference last November, then deputy attorney general Rod Rosenstein announced that the US Department of Justice had indicted two Iranian men on fraud charges for allegedly developing the strain and orchestrating the extortion. Many SamSam targets were “public agencies with missions that involve saving lives”, and the attackers impaired their ability to “provide healthcare to sick and injured people”, Rosenstein said. The hackers “knew that shutting down those computer systems could cause significant harm to innocent victims”.
In a statement that day, the FBI said the “criminal actors” were “out of the reach of US law enforcement”. But they weren’t beyond the reach of an American company that says it helps victims regain access to their computers. Proven Data Recovery of Elmsford, New York, regularly made ransom payments to SamSam hackers over more than a year, according to Jonathan Storfer, a former employee who dealt with them.