SamSam Ransomware Allies Bitcoin Wallets Sanctioned By U.S Treasury Department and OFAC

Wilfred Michael 

Wilfred Michael

News reporter

30 November 2018,
SamSam Ransomware Allies Bitcoin Wallets Sanctioned By U.S Treasury Department and OFAC

Ali Khorashadizadeh and Mohammad Ghorbaniyan, the men collaborating with a crypto-targeted ransomware attack have been sanctioned by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC).

According to a press release by the regulators on Nov 28, the sanctioned men were Iranians and “materially assisted” two hackers to convert their bitcoin earnings to Rial. The hackers use the ransomware to gain access to corporate networks and demand ransom payment is made in Bitcoin.

Ali Khorashadizadeh and Mohammad Ghorbaniyan then help convert the Bitcoin to their native currency, Rial and deposit it with the banks.

For the first time in an OFAC sanction notice, the release included the bitcoin wallet addresses being used to carry out the crime and reported that over 7000 transactions involving 6000 BTC have been moved by the wallet since 2013.

The imposed sanctions state that “all property and interests in property of the designated persons that are in the possession or control of U.S. persons or within or transiting the United States are blocked, and U.S. persons generally are prohibited from dealing with them”.


Ransomware Creators Still Anonymous

While the U.S Department of Treasury has caught up with the allies of the SamSamware attack, the identity of the two hackers behind the crime remains unknown.

As per the release, over 200 attacks have been carried out with the ransomware so far and many government agencies, hospitals and companies have been reported since the malicious ware was first noticed in 2015.

WIRED, reported in August that the SamSam ransomware was making its owners around $300,000 monthly and $6 million since 2015. The publication remarks that so far, “nobody [could] work out who they are.”

Time will tell whether the new lead captured by the US Treasury will result in the uncovering of the perpetrators in the coming months or whether the sanctioned men are the ones behind the attack.

For the time being, the regulators have pledged to aggressively pursue Iranians and other foreigners who attempt to “exploit digital currencies and weaknesses in cyber and AML/CFT safeguards to further their nefarious objectives.”