Image: Morteza Nikoubazl/NurPhoto via Getty Images
The victims that received the printed-out ransom demands were identified only as an accounting firm, a power company, a domestic violence shelter, and a construction company, according to the indictment.

Ahmadi and Khatibi are owners of two respective technology companies in Iran, while Nickaein was an employee of Khatibi’s company, according to the indictment. The three are accused of hacking 10 or more computers during a one-year period to try to extort victims with ransomware, and of stealing victims’ data and threatening to publish it.

According to the indictment, the three alleged hackers don’t appear to be particularly sophisticated, as they exploited known vulnerabilities and created domains that were designed to look like the websites of “legitimate, well-known” tech companies. In some cases, the hackers used Microsoft’s own encryption technology, BitLocker, to encrypt victims’ networks and computers.

In at least one case, the one affecting the domestic violence shelter, the hackers were able to collect a ransom of $13,000 in Bitcoin, the feds said.

Do you track ransomware hackers and their activities? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or email lorenzofb@vice.com