U.S. charges three Iranians for ransomware attacks on women's shelter, businesses

·2-min read
Illustration shows USA and Iran flags

By Christopher Bing and Andy Sullivan

WASHINGTON (Reuters) -Three Iranians have been charged with trying to extort hundreds of thousands of dollars from organizations in the United States, Europe, Iran and Israel, including a domestic violence shelter, by hacking in to their computer systems, U.S. officials said on Wednesday.

Other targets included local U.S. governments, regional utilities in Mississippi and Indiana, accounting firms and a state lawyers' association, according to charges filed by the U.S. Justice Department.

While the criminal charges do not say whether the alleged hackers worked for the Iranian government, a separate U.S. Treasury Department statement said they were affiliated with the Islamic Revolutionary Guard Corps, an Iranian intelligence and security force.

A senior Justice Department official said the Iran government does not discourage residents from engaging in hacking, as long as it is directed outside the country.

Iran's mission to the United Nations in New York did not immediately respond to a request for comment.

The defendants, named Mansour Ahmadi, Ahmad Khatibi and Amir Hossein Nikaein, are citizens of Iran who own or are employed by private technology companies in the country.

The Treasury Department also imposed sanctions on the three Iranians, as well as several other individuals and two organizations they said were part of Tehran's "malicious" cyber and ransomware activity.

The alleged hackers face little chance of being arrested, as they are believed to be living freely in Iran. But officials said the charges will make it difficult for them to travel or find work outside the country, as is the preference of many educated Iranians.

According to the charges, the three men infiltrated the computer systems of a wide range of businesses and governments between October 2020 and August 2022, encrypted their data and demanded bitcoin payments of up to hundreds of thousands of dollars.

Some victims, including the domestic violence shelter, opted to pay the ransom to recover their data.

Such ransomware attacks have skyrocketed over the past decade, damaging scores of U.S. companies and other organizations around the globe.

In June last year, the Justice Department said it was elevating ransomware investigations to a similar priority as terrorism in the wake of a major, disruptive attack on a U.S. pipeline company, which led to localized gas shortages on the U.S. East coast.

(Reporting by Christopher Bing and Andy Sullivan in WashingtonAdditional reporting by Kanishka Singh in WashingtonEditing by Tim Ahmann and Matthew Lewis)