This article was originally published by Radio Free Europe/Radio Liberty and is reprinted with permission.
The U.S. Justice Department has indicted three Iranians who it says used ransomware attacks against hundreds of victims in the United States, Britain, and other countries.
The indictment accuses the three men — Mansour Ahmadi, Ahmad Khatibi Aghda, and Amir Hossein Nikaeen Ravari — of launching cyberattacks against multiple targets between October 2020 and last month.
The men are accused of using ransomware attacks, which effectively hold victims’ data hostage while the hackers demand payments to have it returned. In some cases, the victims made the payments, the department said.
The alleged U.S. victims included local governments, a shelter for victims of domestic violence, a children’s hospital, accounting firms, and electricity-generating companies.
The victims were “targets of opportunity” whose computer systems were vulnerable to hacking, according to officials.
A senior Justice Department official told reporters that the indictment “does not allege that these actors undertook these actions on behalf of the government of Iran.”
However, a separate U.S. Treasury Department announcement said the three were part of a larger hacking group tied to Iran’s Islamic Revolutionary Guard Corps (IRGC).
“This IRGC-affiliated group is known to exploit software vulnerabilities in order to carry out their ransomware activities, as well as engage in unauthorized computer access, data exfiltration, and other malicious cyber activities,” the Treasury Department said in a statement announcing sanctions against the group.
According to the senior Justice Department official, who briefed reporters on the case on the condition of anonymity under ground rules set by the department, some of the victims were even in Iran.
The official said the activity, even if not directed by the Iranian government, exists because the regime permits hackers to largely operate with impunity. The government does not discourage residents from engaging in hacking as long as it is directed outside the country, the official said.
The sanctions were announced by the Treasury Department’s Office of Foreign Assets Control, which said the three accused hackers are thought to be in Iran. They face little chance of being arrested, but the Justice Department official said the pending charges make it “functionally impossible” for them to leave the country.
The State Department also highlighted the case against the three men and said in a statement that its Rewards for Justice program was offering a reward for information on foreign malicious cyberactivity against U.S. critical infrastructure.
Reported ransomware payments in the United States reached over $590 million in 2021, compared to a total of $416 million in 2020, the Treasury Department said. The U.S. government estimates these payments represent just a fraction of the economic harm caused by malicious cyber activities.