Hackers indicted in SamSam ransomware attacks on Allscripts, hospitals

A grand jury in New Jersey has indicted two Iranian hackers in connection with the ransomware campaign that crippled more than 200 organizations, including Allscripts and several hospitals, universities and cities, according to an ABC 7 report. The men are still at large.

Here are seven things to know:

1. The U.S. indictment, unsealed Nov. 28, accuses Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri of operating what authorities called "an extreme form of 21st century digital blackmail," by infecting several victims' computers with the SamSam ransomware.

2. Allscripts was one of the hackers' victims. The Chicago-based medical records company was hit with a cyberattack in mid-January that blocked several hospital clients' access to their EHRs. Allscripts currently faces a class-action federal lawsuit alleging it didn't sufficiently monitor its cloud-based data systems to protect its clients' data from the attack.

3. There were five other healthcare-related entities affected by the ransomware campaign, including: Wichita-based Kansas Heart; Los Angeles-based Hollywood Presbyterian Medical Center; LabCorp, Columbia, Md.-based MedStar Health; and Omaha-based OrthoNebraska Hospital.

4. Several cities — including Atlanta and Newark — were also victimized by the hackers. SamSam is a ransomware variant that targets servers rather than tricking users into clicking on infected files. The virus then encrypts users' files and demands a ransom payment to unlock and return the systems to normal.

5. The indictment alleges that the hackers developed the ransomware in 2015 and began launching attacks in 2017 by scanning for computer network vulnerabilities they could exploit to gain entry. The attacks would be launched before or after regular business hours to make them more difficult to detect and fight.

6. Although FBI officials warn organizations never to pay the ransom, victims paid the Iranian hackers more than $6 million and suffered more than $30 million in losses from lack of access to their data.

7. The hackers, Mr. Savandi and Mr. Mansouri, are named in FBI arrest warrants.

To access the indictment, click here.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars