Wham, bam, no thank you, SamSam: Iranians accused by the Feds of orchestrating ransomware outbreak

US prosecutors have this week charged two people believed to be behind the notorious SamSam ransomware outbreak. The Department of Justice claims Iranian nationals Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri masterminded the infection of more than 200 networks, including a handful of city governments and hospitals …

  1. Anonymous Coward


    Prosecutors did not say when, if ever, it expects to apprehend and extradite the Iran-based duo to face trial in the States.

    1. fandom Silver badge

      Re: Bah

      Yes, it's weird, it is almost as if they didn't have seers on staff

      1. Teiwaz Silver badge

        Re: Bah

        Yes, it's weird, it is almost as if they didn't have seers on staff

        Shame the Reagans aren't still in the White House then.

  2. Wibble

    Is this the new AV signature?

    All the blackmail (you've visited some porn site) and ransomware spam/scams publish their bitcoin wallet IDs. Does this make following the money easier? Recovery possible? Exchanges liable?

    Interesting times for the Cyber Punks.

  3. -tim

    They are looking at a lifetime in Leavenworth

    Computer crimes against US military hospitals where they treat people that have been harmed by top secret things can get you 18 years per offense. So if they tried to hack a hospital where an airman that worked on an Atlas in 1959 had been a patient, they can be persecuted under some particularly draconian cold war era laws. Being out of the easy reach of the US government is only a minor inconvenience unless they also managed to screw around with CIA operative's medical records.

    1. rmason Silver badge

      Re: They are looking at a lifetime in Leavenworth

      It's not merely a minor inconvenience to the US gov at all.

      These two, (well, the one they are sure is real, anyway) will never see the inside of a US court room. Ever.

      This just makes a few people feel better. I'm sure the fellas in question weren't planning any US holidays any time soon. They've got their money (the BTC was immediately cashed out into real money), job done.

      1. LDS Silver badge

        "weren't planning any US holidays any time soon"

        Probably there are many more places they shouldn't plan any holiday anytime soon... law enforcement agencies do collaborate...

  4. DropBear Silver badge


    So the Feds "told" every single exchange, in every single country around the world they shall not process payments* for these addresses? I'm glad we worked out how things work. Or else what...?

    * not that I'm defending those two pricks. It's just so rare to see the World Police openly in action...

    1. diodesign (Written by Reg staff) Silver badge

      Re: Oh...?

      From the linked-to Treasury page...

      "...these digital currency addresses should assist those in the compliance and digital currency communities in identifying transactions and funds that must be blocked and investigating any connections to these addresses.

      "As a result of today’s action, persons that engage in transactions with Khorashadizadeh and Ghorbaniyan could be subject to secondary sanctions. Regardless of whether a transaction is denominated in a digital currency or traditional fiat currency, OFAC compliance obligations are the same."

      Read into that what you will.


    2. Anonymous Coward

      Re: Oh...?

      Recycling known illegal money may be an issue in the country you operate...

  5. Andy The Hat Silver badge

    The Feds have said ...

    "don't process these payments ..."

    And exactly how many foreign owned exchanges will give a monkey's left toenail about what the Feds say?

    Another example of the USA thinking "Feds: World Police"

  6. Julz

    Does Iran have a list of US citizens (and possibly Israeli citizens) that they want to prosecute regarding Stuxnet?

    1. LDS Silver badge

      Probably they have... but it's not something they can ask Interpol to work with...

      1. This post has been deleted by its author

  7. Robin 3

    oooo, we know your bitcoid address, scary...

    Like they know enough to create and operate a working ransomware scam, but would not know about and their friends to anonymise their coin and cash out as needed.

  8. Stevie Silver badge


    That Faramir Savandi bloke should be easy to find unless they look only at night. Stands out like a sore thumb.


Biting the hand that feeds IT © 1998–2019