Iranians hacked US companies, sent ransom demands to printers, indictment says


Three Iranian nationals charged with hacking into US-based computer networks sent ransom demands to the printers of at least some of their victims, according to an indictment unsealed today. The ransom demands allegedly sought payments in exchange for BitLocker decryption keys that the victims could use to regain access to their data.

The three defendants remain at large and outside the US, the DOJ said.

“The defendants’ hacking campaign exploited known vulnerabilities in commonly used network devices and software applications to gain access and exfiltrate data and information from victims’ computer systems,” the US Department of Justice said in a press release. Defendants Mansour Ahmadi, Ahmad Khatibi, Amir Hossein Nickaein “and others also conducted encryption attacks against victims’ computer systems, denying victims access to their systems and data unless a ransom payment was made.”

The indictment in US District Court for the District of New Jersey describes a few incidents in which ransom demands were sent to printers on hacked networks. In one case, a printed message sent to an accounting firm allegedly said, “We will sell your data if you decide not to pay or try to recover them.”

In another incident, the indictment said a Pennsylvania-based domestic violence shelter hacked in December 2021 received a message on its printers that said, “Hello. Do not take any action for recovery. Your files may be corrupted and not recoverable. Just contact us.”

Khatibi later “sent an email to a representative of the Domestic Violence Shelter demanding payment of one Bitcoin,” the indictment said. The shelter ultimately paid the equivalent of $13,000 to the hacker’s Bitcoin wallet, the indictment said, adding that Khatibi then “provided decryption keys to allow the Domestic Violence Shelter to restore access to its systems and data.”

Before sending the ransom demand, “a member of the conspiracy gained unauthorized access to the Domestic Violence Shelter’s computer system and launched an encryption attack by activating BitLocker, thereby denying the Domestic Violence Shelter access to some of its systems and data,” the indictment said. BitLocker is an encryption tool used in Windows.


Victims included small businesses, government agencies, nonprofit programs, educational and religious institutions, and “multiple critical infrastructure sectors, including health care centers, transportation services and utility providers,” the DOJ press release said. The three indicted hackers and co-conspirators “collected payments in Bitcoin and other cryptocurrencies from certain victims that paid the ransom to decrypt their data,” the indictment said.

The Iranians hacked networks in multiple countries, “obtain[ing] unauthorized access to the computer systems of hundreds of victims in the United States, the United Kingdom, Israel, Iran, and elsewhere,” the DOJ said. The US agency accused Iran’s government of “creat[ing] a safe haven where cyber criminals acting for personal gain flourish and defendants like these are able to hack and extort victims, including critical infrastructure providers.”

In April 2021, “Nickaein sent a ransom demand message to the printers” of an Illinois firm referred to as “Accounting Firm 2,” the indictment said. The ransom demand allegedly told the firm to contact an email account controlled by Nickaein and included the following text:


IF YOU ARE READING THIS, IT MEANS YOUR DATA IS ENCRYPTED AND YOUR PRIVATE SENSITIVE INFORMATION IS STOLEN!

READ CAREFULLY THE WHOLE INSTRUCTIONS TO AVOID ANY ISSUES

YOU HAVE TO CONTACT US IMMEDIATELY TO RESOLVE THIS PROBLEM AND MAKE A DEAL!

We will sell your data if you decide not to pay or try to recover them.

Before sending the ransom demand, Nickaein hacked into the firm’s network, “stole data, and launched an encryption attack using BitLocker, thereby denying Accounting Firm 2 access to certain of its systems and data,” the indictment said.

This is not the first hacking campaign to use the tactic, sometimes called “print bombing,” of sending ransom demands to printers on the infected network.