FBI charges men in 2016 ransomware attack on University of Calgary

The university paid a ransom of $20,000 after the 2016 attack to preserve an option to restore critical research data.

Both suspects are in Iran and out of the reach of U.S. law enforcement

The FBI says it has charged two men in Iran as part of an investigation into cyberattacks that targeted the University of Calgary and computer networks in the United States.

The FBI says "SamSam" ransomware infiltrated computer networks in Atlanta, San Diego and Newark, N.J., as well as major health-care providers, the University of Calgary and others.

Investigators allege the malware encrypted data and files, and the suspects demanded payment to restore access to affected systems in what the FBI calls "21st-century blackmail."

The agency estimates the cyberattacks caused $30 million in damage to public and private institutions and that $6 million in ransom payments were extorted.

Linda Dalgetty, vice-president of the University of Calgary, says the administration is grateful that charges have been laid.

"The University of Calgary would like to thank the Federal Bureau of Investigation, the Calgary Police Service, and all co-operating law enforcement agencies for their diligence and perseverance in investigating this matter," she said Wednesday in a release.

"We are thankful that law enforcement agencies take such criminal acts very seriously and were able to locate the perpetrators and issue arrest warrants."

Faramarz Savandi and Mohammad Mansouri are each charged with conspiracy to commit wire fraud, conspiracy to commit fraud, intentional damage to a protected computer and transmitting a demand in relation to damaging a protected computer.

"The actions highlighted today, which represent a continuing trend of cyber criminal activity emanating from Iran, were particularly threatening, as they targeted public safety institutions, including U.S. hospital systems and governmental entities," an FBI spokeswoman said in a release.

The agency acknowledged that both suspects are in Iran and are out of the reach of U.S. law enforcement.

It said they can be apprehended if they travel, and that the United States is exploring other ways of bringing them to justice.

Corrections

  • An earlier version of this story said $30 billion, not million, in damage was caused.
    Nov 28, 2018 4:35 PM MT