Three Iranian nationals charged with hacking into US-based computer networks sent ransom demands to the printers of at least some of their victims, according to an indictment unsealed today. The ransom demands allegedly sought payments in exchange for BitLocker decryption keys that the victims could use to regain access to their data.
The three defendants remain at large and outside the US, the DOJ said.
“The defendants’ hacking campaign exploited known vulnerabilities in commonly used network devices and software applications to gain access and exfiltrate data and information from victims’ computer systems,” the US Department of Justice said in a press release. Defendants Mansour Ahmadi, Ahmad Khatibi, Amir Hossein Nickaein “and others also conducted encryption attacks against victims’ computer systems, denying victims access to their systems and data unless a ransom payment was made.”
The indictment in US District Court for the District of New Jersey describes several incidents in which ransom demands were sent to printers on hacked networks. In one case, a printed message sent to an accounting firm allegedly said, “We will sell your data if you decide not to pay or try to recover them.”
In another incident, the indictment said a Pennsylvania-based domestic violence shelter hacked in December 2021 received a message on its printers that said, “Hi. Do not take any action for recovery. Your data may be corrupted and not recoverable. Just contact us.”
Khatibi later “sent an email to a representative of the Domestic Violence Shelter asking for payment of 1 Bitcoin,” the indictment said. The shelter ultimately paid the equivalent of $13,000 to the hacker’s Bitcoin wallet, the indictment said, adding that Khatibi then “provided decryption keys to enable the Domestic Violence Shelter to regain access to its systems and data.”
Before sending the ransom demand, “a member of the conspiracy gained unauthorized access to the Domestic Violence Shelter’s computer system and launched an encryption attack by activating BitLocker, thereby denying the Domestic Violence Shelter access to some of its systems and data,” the indictment said. BitLocker is an encryption tool used in Windows.
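The "encryption attack" the indictment describes is the built-in BitLocker feature being switched on by someone who should not be doing so, which means the defender's signal is an ordinary administrative command running from an unexpected account. The following detector is an added example written for this article, not code from the indictment, the DOJ or any named victim: it scans a constructed, simplified export of process-creation events for the real Windows tools that enable BitLocker or alter its key protectors (manage-bde.exe, Enable-BitLocker, Add-BitLockerKeyProtector) and grades each hit against an assumed list of authorised administrators. The log lines, account names and field layout are all constructed for the example.

```python
"""
Added example (not from the article or the indictment): flag commands that turn
BitLocker on or remove its key protectors when they come from accounts that are
not expected to manage disk encryption.

Log format is an assumed, simplified export of process-creation events:
    timestamp | user | parent process | command line
A real deployment would read Security 4688 or Sysmon Event 1 data from a SIEM.
"""
import re
from dataclasses import dataclass

# Accounts expected to manage BitLocker (assumed for this example).
AUTHORISED_ADMINS = {"CORP\\svc-bitlocker", "CORP\\it-admin"}

# manage-bde.exe, Enable-BitLocker and Add-BitLockerKeyProtector are the real
# Windows tool/cmdlet names; the flag matching is deliberately broad.
ENABLE_PATTERNS = [
    re.compile(r"manage-bde(\.exe)?\s+.*-(on|protectors)", re.I),
    re.compile(r"Enable-BitLocker", re.I),
    re.compile(r"Add-BitLockerKeyProtector", re.I),
]
# Removing a protector (e.g. the recovery password) is what leaves a victim
# unable to recover without the attacker's key.
DELETE_PROTECTOR = re.compile(r"-protectors\s+-delete", re.I)

# Constructed sample events: one legitimate change, one unrelated process,
# then an unexpected account enabling BitLocker and deleting a protector.
CONSTRUCTED_LOG = """\
2021-12-03T02:14:07Z | CORP\\it-admin | services.exe | C:\\Windows\\System32\\manage-bde.exe -on C: -RecoveryPassword
2021-12-03T02:16:22Z | CORP\\jdoe | explorer.exe | C:\\Windows\\System32\\notepad.exe report.txt
2021-12-04T23:41:55Z | CORP\\reception | cmd.exe | manage-bde -on D: -Password
2021-12-04T23:42:10Z | CORP\\reception | powershell.exe | powershell -nop -c "Enable-BitLocker -MountPoint 'E:' -PasswordProtector -Password $p"
2021-12-04T23:43:01Z | CORP\\reception | cmd.exe | manage-bde -protectors -delete C: -type RecoveryPassword
"""


@dataclass
class Finding:
    timestamp: str
    user: str
    command: str
    reason: str


def parse_line(line):
    """Split one pipe-delimited event into (timestamp, user, parent, command)."""
    parts = [p.strip() for p in line.split("|", 3)]
    return parts if len(parts) == 4 else None


def classify(record):
    """Return a Finding for BitLocker-related commands, else None."""
    ts, user, _parent, cmd = record
    if not any(p.search(cmd) for p in ENABLE_PATTERNS):
        return None
    if DELETE_PROTECTOR.search(cmd):
        return Finding(ts, user, cmd, "high: BitLocker protector removed")
    if user in AUTHORISED_ADMINS:
        return Finding(ts, user, cmd, "info: BitLocker change by authorised admin")
    return Finding(ts, user, cmd, "high: BitLocker enabled by unexpected account")


def scan(log_text):
    """Run the classifier over every well-formed line of the export."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        finding = classify(rec)
        if finding:
            findings.append(finding)
    return findings


def high_severity(findings):
    return [f for f in findings if f.reason.startswith("high:")]


if __name__ == "__main__":
    for f in scan(CONSTRUCTED_LOG):
        print(f"{f.timestamp} {f.user:18} {f.reason}\n    {f.command}")
```

On the constructed log the scan yields four findings, three of them high severity, all from the same account within two minutes, which is the kind of cluster worth paging on. The complementary control is to require BitLocker recovery keys to be escrowed (to Active Directory or a management service) before encryption proceeds, so that an unexpected enablement can be reversed without paying for the key.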
“YOU HAVE TO CONTACT US IMMEDIATELY”
Victims included small businesses, government agencies, nonprofit programs, educational and religious institutions, and “multiple critical infrastructure sectors, including health care centers, transportation services and utility providers,” the DOJ press release said. The three indicted hackers and co-conspirators “collected payments in Bitcoin and other cryptocurrencies from certain victims that paid the ransom to decrypt their data,” the indictment said.
The Iranians hacked networks in several countries, “gain[ing] unauthorized access to the computer systems of hundreds of victims in the United States, the United Kingdom, Israel, Iran, and elsewhere,” the DOJ said. The US agency accused Iran’s government of “creat[ing] a safe haven where cyber criminals acting for personal gain flourish and defendants like these are able to hack and extort victims, including critical infrastructure providers.”
In April 2021, “Nickaein sent a ransom demand communication to the printers” of an Illinois company referred to as “Accounting Firm 2,” the indictment said. The ransom demand allegedly told the firm to contact an email account controlled by Nickaein and included the following text:
Hi!
IF YOU ARE READING THIS, IT MEANS YOUR DATA IS ENCRYPTED AND YOUR PRIVATE SENSITIVE INFORMATION IS STOLEN!
READ CAREFULLY THE WHOLE INSTRUCTIONS TO AVOID ANY PROBLEMS
YOU HAVE TO CONTACT US IMMEDIATELY TO RESOLVE THIS ISSUE AND MAKE A DEAL!
…
We will sell your data if you decide not to pay or try to recover them.
Before sending the ransom demand, Nickaein hacked into the company’s network, “stole data, and launched an encryption attack using BitLocker, thereby denying Accounting Firm 2 access to certain of its systems and data,” the indictment said.
This isn’t the first hacking campaign to use the tactic, commonly known as “print bombing,” of sending ransom demands to printers on the infected network.