2 charged after Hinesville ransomware attack

2 Charged after Hinesville Ransomware Attack

HINESVILLE, GA (WTOC) -Two Iranians are facing federal charges after the FBI says they were behind a nationwide computer hacking scheme targeting hospitals, cities, and public institutions.

The FBI released a map showing the impact of the ransomware attacks in each state. It’s estimated that more than six attacks happened in the state of Georgia.

In a WTOC investigation, we found that includes the City of Hinesville, which was crippled back in February of this year.

U.S. Deputy Attorney General Rod Rosenstein took the stage at a news conference in Washington D.C. on Wednesday.

"Acting from inside Iran, the defendants development and deployed a form of ransomware that they called SamSam,” Rosenstein said.

Investigators says they hijacked computer systems, shutting them down until victims paid a ransom in the form of a bitcoin. SamSam attacks have been reported in all but seven states but the indictment only names a dozen organizations and entities, including the City of Atlanta, Lab Corporation of America, and the Port of San Diego.

In a WTOC investigation, we found that the City of Hinesville also names the SamSam ransomware for encrypting files on the city’s network on Feb. 20.

If you remember, Hinesville City Hall had trouble even getting the word out that day because even their email was compromised. The outage also impacted online payments and job applications. In a public memo that was released in May at a city council meeting, it stated the ransomware demanded $56,000 for the entire network.

The city got the help of two cyber security firms who found "no evidence that the intruders went any further into the network to gather sensitive information. Their findings indicate that the intruders the network and left."

In that same memo, city council members were asked to approve more than $60,000 for immediate and future funding to improve overall network security, which includes more IT training and cloud-based software.

Whether you are among the long list of victims or not, it’s steps like these that Rod Rosenstein says everyone should be taking.

"The events described in this indictment highlight the urgent need for municipalities, public utilities, health care institutions, universities and other public organizations to enhance their cyber security,” Rosenstein said.

The FBI says the two Iranian computer hackers remain fugitives and are believed to still be in Iran.

It’s unclear if the City of Hinesville ever paid the $56,000 in ransom. We’ve attempted to reach out to the mayor and city officials several times. We’re still waiting to hear back.

WTOC confirmed this attack is not related to the malware attack that impacted the City of Savannah back in March.

Copyright 2018 WTOC. All rights reserved.