The US charged three Iranian nationals Wednesday with conducting ransomware attacks that targeted victims across the globe, including local governments and utility companies.
Mansour Ahmadi, Ahmad Khatibi Aghda and Amir Hossein Nickaein Ravari were charged with four counts of computer-related crimes, including cyber extortion. All are not in US custody and remain in Iran, a senior Justice Department official told reporters.
The attacks allegedly took place between October 2020 and August 2022, and affected computer networks in the US, UK, Israel, Iran, Russia and other countries, according to the indictment.
The "persistent" scheme involved the defendants exploiting known vulnerabilities in network devices and software "to access and exfiltrate data and information from victims' computer systems," which the defendants sought to profit from by denying the victims access to the information unless a ransom payment was made, it said.
The victims included a municipality in Union County, New Jersey, a county government in the state of Wyoming, and regional utility companies in the states of Mississippi and Indiana. A state bar association, two accounting firms, and a public housing authority in Washington were also targeted.
In some cases, victims were asked to hand over hundreds of thousands of dollars for their computer systems to be unlocked, with the alleged perpetrators sometimes utilizing office printers on compromised networks to physically print out their demands, and in other cases would use email, according to the Justice Department official.
Some of the victims made the ransom payment, which was demanded in Bitcoin and other cryptocurrencies, according to the indictment.
The defendants are not alleged to have any ties to the Iranian government.
