The Office of Foreign Assets Control of the US Department of the Treasury designated two individuals who facilitated the exchange of bitcoin ransom payments into Iranian currency. According to OFAC, the two men, Ali Khorashadizadeh and Mohammad Ghorbaniyan, helped Iran-based cyber criminals profit from the “SamSam” ransomware attacks carried out against institutions and businesses in the US and overseas. OFAC also identified two digital currency addresses associated with the designated persons. In a parallel statement, the Justice Department unsealed indictments against two other individuals, both Iranian nationals, who are alleged to have acted from within Iran to develop the SamSam ransomware program, which they used to gain access to the computer systems of hospitals, major municipalities, public institutions, and businesses, collecting over $6 million and causing over $30 million in damage. The UK National Crime Agency also released a statement about the case, saying that NCA investigators worked with US authorities to determine that the crime group used UK infrastructure to carry out some of their crimes; because of that, the NCA was able to provide the US with digital forensic evidence that was crucial to the identification of the alleged perpetrators.
OFAC press release | DOJ press conference | Indictment | DNJ press release | NCA news release