The U.S. Justice Department has unsealed criminal charges against three Iranians accused of hacking for ransom the computer networks of hundreds of victims in the United States and around the world.
The three hackers are accused of carrying out “malicious computer activities” between October 2020 and August 2022, according to a 30-page indictment unsealed Wednesday.
The indictment comes amid a surge in ransom attacks on organizations in the U.S. and elsewhere, costing victims billions of dollars and prompting law enforcement agencies to step up efforts to combat the problem.
Among the targeted organizations of the Iranian hacking campaign were a New Jersey township, two accounting firms, a power company, and a domestic violence shelter.
All were victims of what is known as a “ransomware attack,” in which cybercriminals encrypt a target’s computer files and then demand bitcoin payments in exchange for decrypting them.
In this case, the victims sometimes made a ransom payment, according to the indictment.
Law enforcement officials briefing reporters emphasized that the alleged hackers behind the cyberattacks did not work for the Iranian government, which has long been accused of sponsoring cyberattacks against victims in the United States and other countries.
“Crimes like these will happen when nations and their governments do not adhere to widely accepted norms like promulgating and enforcing broadly applicable laws against computer hacking and extortion,” a senior law enforcement official said, speaking on condition of anonymity.
The three hackers – identified as Mansour Ahmadi, Ahmad Khatibi Aghda, and Amir Hossein Nickaein Ravari – remain at large and are believed to be in Iran.
The defendants face four counts, including computer hacking and extortion.
Law enforcement officials said the victims were “targets of opportunity,” identified because of vulnerabilities in their computer systems.
The victims were located in the United States, the United Kingdom, Iran, Israel, Russia and other countries, according to the indictment.
Among them were small businesses, government agencies, nonprofit organizations, and educational and religious institutions.
The attackers also targeted critical infrastructure organizations, including health care centers, transportation services, and utility providers.