
Iranians attacked US companies, sent ransom demands to printers, indictment says



Three Iranian nationals accused of hacking US-based computer networks sent ransom demands to the printers of at least some of their victims, according to an indictment unsealed today. The ransom demands are said to have sought payments in exchange for BitLocker decryption keys that victims could use to regain access to their data.

According to the DOJ, the three defendants remain at large and outside the United States.

“The defendants’ offensive campaign exploited known vulnerabilities in network devices and software applications commonly used to access and obtain data and information from the victim’s computer system,” a DOJ press release said. Defendants Mansour Ahmadi, Ahmad Khatibi, Amir Hossein Nickaein, “and others also conducted cryptographic attacks against victims’ computer systems, denying victims access to their systems and data unless a ransom is paid.”

The indictment in the United States District Court for the District of New Jersey describes several incidents in which ransom requests were sent to printers on hacked networks. In one case, a printed message was sent to an accounting firm that said, “We will sell your data if you decide not to pay or attempt to recover them.”

In another incident, the indictment said a domestic violence shelter in Pennsylvania that was attacked in December 2021 received a message on their printer that read: “Hi. Do not take any action to recover. Your files may be damaged and cannot be recovered. Just contact us.”

Khatibi then “emailed a representative of the Domestic Violence Shelter demanding payment of one Bitcoin,” the indictment said. The indictment says the shelter ultimately paid the equivalent of $13,000 into the attacker’s Bitcoin wallet, adding that Khatibi then “provided the decryption keys to enable the Domestic Violence Shelter to restore access to the system and its data.”

Before the ransom demand was sent, “a member of the conspiracy gained unauthorized access to the Domestic Violence Shelter’s computer system and carried out a cryptographic attack by activating BitLocker, thereby denying the Domestic Violence Shelter access to some of its systems and data.” BitLocker is an encryption tool used in Windows.

“YOU MUST CONTACT US IMMEDIATELY”

Victims include small businesses, government agencies, nonprofit programs, educational and religious organizations, and “many areas of critical infrastructure, including healthcare centers, transportation and utility providers,” the DOJ press release said. The three indicted hackers and accomplices “collected payments in Bitcoin and other cryptocurrencies from certain victims who paid ransoms to decrypt their data,” the indictment said.

The Iranians hacked victims in several countries, “gain[ing] unauthorized access to the computer systems of hundreds of victims in the United States, United Kingdom, Israel, Iran and elsewhere,” the DOJ said. The DOJ also described “a safe haven where self-interested cybercriminals thrive and defendants like this can attack and blackmail victims, including key infrastructure providers.”

In April 2021, “Nickaein sent a ransom note to printers” of a company in Illinois referred to as “Accounting Firm 2,” the indictment said. The ransom note is said to have told the company to contact an email account controlled by Nickaein and included the following text:

Hi!

IF YOU ARE READING THIS, THIS MEANS YOUR DATA IS ACCESSED AND YOUR PRIVATE SENSITIVE INFORMATION DISCLOSED!

READ ALL INSTRUCTIONS CAREFULLY TO AVOID ANY PROBLEM

YOU MUST CONTACT US IMMEDIATELY TO SOLVE THIS PROBLEM AND BOOK!

We will sell your data if you decide not to pay or try to recover them.

Before sending the ransom demand, Nickaein hacked into the company’s network, “stole data and performed an encryption attack using BitLocker, thereby denying Accounting Firm 2 access to some of its systems and data,” the indictment said.

This is not the first hacking campaign to use the tactic, sometimes called “print bombing,” of sending ransom notes to printers on the infected network.


