US Charges Three Iranians for Ransomware Attacks on Women’s Shelter, Businesses

A silhouetted Iranian woman walks past an anti-US wall painting on the wall of former US embassy in the capital city of Tehran, Iran, 05 September 2022. (EPA)

Three Iranians have been charged with trying to extort hundreds of thousands of dollars from organizations in the United States, Europe, Iran and Israel, including a domestic violence shelter, by hacking in to their computer systems, US officials said on Wednesday.

Other targets included local US governments, regional utilities in Mississippi and Indiana, accounting firms and a state lawyers' association, according to charges filed by the US Justice Department.

While the criminal charges do not say whether the alleged hackers worked for the Iranian government, a separate US Treasury Department statement said they were affiliated with the Iranian Revolutionary Guard Corps, an Iranian intelligence and security force.

A senior Justice Department official said the Iran government does not discourage residents from engaging in hacking, as long as it is directed outside the country.

Iran's mission to the United Nations in New York did not immediately respond to a request for comment.

The defendants, named Mansour Ahmadi, Ahmad Khatibi and Amir Hossein Nikaein, are citizens of Iran who own or are employed by private technology companies in the country.

The Treasury Department also imposed sanctions on the three Iranians, as well as several other individuals and two organizations they said were part of Tehran's "malicious" cyber and ransomware activity.

The alleged hackers face little chance of being arrested, as they are believed to be living freely in Iran. But officials said the charges will make it difficult for them to travel or find work outside the country, as is the preference of many educated Iranians.

According to the charges, the three men infiltrated the computer systems of a wide range of businesses and governments between October 2020 and August 2022, encrypted their data and demanded bitcoin payments of up to hundreds of thousands of dollars.

Some victims, including the domestic violence shelter, opted to pay the ransom to recover their data.

Such ransomware attacks have skyrocketed over the past decade, damaging scores of US companies and other organizations around the globe.

In June last year, the Justice Department said it was elevating ransomware investigations to a similar priority as terrorism in the wake of a major, disruptive attack on a US pipeline company, which led to localized gas shortages on the US East coast.