Hackers used sophisticated operation to target U of C in 2016

An investigator who helped catch two hackers in Iran who made a $20,000 ransom demand from the University of Calgary says it was a sophisticated operation.

"They would use encryption to conceal themselves. They used Tor and Bitcoin to allow for payments that could not be easily traced," said James Silver, deputy chief for litigation in the computer crime and intellectual property section of the U.S. Department of Justice.

"They relied on particular software exploits to get into victim systems. They conducted their attacks outside of normal victim business hours."

The FBI says "SamSam" ransomware was used to infiltrate computer networks in Atlanta, San Diego and Newark, N.J., as well as major health-care providers, the University of Calgary and other institutions.

Investigators allege the malware encrypted data and files, and the suspects demanded payment to restore access to affected systems in what the FBI called "21st-centuryblackmail."

• FBI charges men in 2016 ransomware attack on University of Calgary

The agency estimates the cyberattacks caused $30 million in damage to public and private institutions and that $6 million in ransom payments were extorted.

The U of C paid$20,000 to the hackers in 2016.

Accused remain overseas

Faramarz Savandi and Mohammad Mansouri are each now charged with conspiracy to commit wire fraud, conspiracy to commit fraud, intentional damage to a protected computer and transmitting a demand in relation to damaging a protected computer.

But because the men remain overseas, they are out of reach of U.S. and Canadian law enforcement.

Silver adds he's not sure if the government of Iran will co-operate in pressing charges against the pair.

"Here we have attackers who chose their ransom demand carefully but also were targeting victims that could not afford to be offline, perhaps not so much because of their profit motivations, some of them were non-profits, but because of the important mission they served," he said.

"If you are running a hospital, if you are running a city, downtime can mean can mean loss of life."

Even if Iran doesn't co-operate in charging the men, Silver says they could still face extradition if they travel out of that country.

• MORE CALGARY NEWS|Scammers exploit credit card terminals at Calgary sex show
• MORE CALGARY NEWS|Salvation Army Kettle Campaign now takes debit and credit in Calgary
• Read more articles byCBC Calgary, like us onFacebookfor updates and subscribe to ourCBC Calgary newsletterfor the day's news at a glance