US Sanctions IRGC-Affiliated Hackers on Ransomware Charges
In a new move, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has imposed multiple sanctions over the accused’s ransomware activities.
Ten individuals and two shell companies known for extorting US businesses and infrastructure providers have been sanctioned, prohibiting all commercial activities with the designated parties, in cryptocurrency or otherwise.
In tandem, the DOJ has also brought criminal charges against three named persons in absentia.
Hospitals and Transportation Nodes Under Attack
The attacks, spearheaded by alleged IRGC shell companies Najee Technology and Afkar System, have targeted government offices and businesses across the US and its allies in the Middle East since at least 2020. Once the hackers gained access to a target’s IT systems, they would lock the legitimate users out and demand a ransom, to be paid in Bitcoin, in exchange for the decryption keys.
These ransomware attacks might not have been taken as seriously had they affected only small businesses, but the hackers’ targets included institutions vital to the public.
“From June through August 2021, the group accelerated their malicious activity by targeting a wide range of U.S.-based victims, including transportation providers, healthcare practices, emergency service providers, and educational institutions.”
Both Sanctions and Criminal Charges Applied
The individuals have not only been added to the official sanctions list of the US Government; they are also being pursued legally by a New Jersey court. Granted, the second legal action is rather meaningless, as all suspects are abroad in a country that does not have an extradition pact in place with the US. Nevertheless, the move effectively bars the group from traveling to the US or any country allied with it.
The US Cybersecurity and Infrastructure Security Agency also released a statement for the technically inclined, outlining the procedures used in the cyberattacks and how to prevent similar events. According to Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson, these attacks are only the latest in a spree of ransomware onslaughts carried out by allegedly state-sponsored hackers across multiple countries.
“Ransomware actors and other cybercriminals, regardless of their national origin or base of operations, have targeted businesses and critical infrastructure across the board – directly threatening the physical security and economy of the United States and other nations. We will continue to take coordinated action with our global partners to combat and deter ransomware threats, including those associated with the IRGC.”
The US Government and its various security agencies will continue in their efforts to ward off similar attacks and have set a bounty of up to $5 million for information on the suspects in the current case.
I’m a journalist who specializes in investigative reporting and writing. I have written for the New York Times and other publications.