The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has taken action against two Iran-based persons, Ali Khorashadizadeh and Mohammad Ghorbaniyan, for facilitating the exchange of ransom payments in bitcoin (BTC) into the country’s national currency, the rial. The exchange was made to aid cyber criminals associated with the SamSam ransomware scheme, which affected over 200 individuals.
According to a press release by the agency, OFAC has also unearthed evidence that two Bitcoin addresses were affiliated with the cybercriminals. About 7,000 transactions have passed through these two addresses, which are associated with the bitcoin paid as ransom to the malicious SamSam ransomware actors. The U.S. Department of Justice (DOJ) prosecuted the two criminals on charges based on the infection of data networks with the ransomware in the U.S., U.K., and Canada, infections that have been going on since 2015.
Financial Actors for the SamSam Ransomware
The SamSam ransomware scheme has affected several government agencies, universities and corporations by holding their data for ransom in return for money. These criminals exploit vulnerabilities in a computer network to gain entry and copy the ransomware into the network. The ransomware then allows these criminals to gain administrator rights to control the victim’s servers. Once the data is held, a ransom in bitcoin is demanded so that the original administrator can recover control of the network.
The key supporters of the financial part of this ransomware are the two criminals caught and prosecuted above, Ali Khorashadizadeh and Mohammad Ghorbaniyan. With their help, the bitcoin obtained from the victims as ransom was exchanged into the local currency and deposited into local Iranian banks. Two digital currency addresses, 149w62rY42aZBox8fGcmqNsXUzSStKeq8C and 1AjZPMsnmpdK2Rv9KQNfMurTXinscVro9V, were used to facilitate the conversion of the bitcoin into the Iranian rial. Both addresses have been used by Ali Khorashadizadeh and Mohammad Ghorbaniyan since 2013 to process the exchange, including through US-based exchangers, and to send a total of about 6,000 bitcoin worth millions of US dollars.
Actions Taken Against the Cyber Criminals
The action taken by OFAC has, for the very first time, attributed specific digital currency addresses to particular individuals. This should help the cryptocurrency community blacklist addresses that are used for malicious activities. Another effect of the action taken today is that individuals who transacted with the cybercriminals could be subject to secondary sanctions. OFAC has updated its FAQ to state that cryptocurrency transactions are subject to its compliance obligations.
OFAC has now designated Ali Khorashadizadeh and Mohammad Ghorbaniyan for aiding, sponsoring, and providing financial, material, or technological support for, or goods or services to or in support of, the SamSam ransomware attacks. This action allows for the blocking of their property in the possession of U.S. citizens and prohibits U.S. citizens from dealing with them.
The action taken by OFAC is the fourth successive sanctions action taken against Iran this month alone. OFAC has sanctioned over 900 individuals, entities, aircraft, and vessels, covering a range of activities related to malicious activity in Iran.