US’s OFAC slaps sanctions on people and businesses linked to Iranian ransomware group.
The US’s Treasury Office of Foreign Assets Control (OFAC) has issued sanctions against 10 people and two companies for being associated with an Iranian ransomware group that is tied to the country’s Islamic Revolutionary Guard Corps (IRGC). The watchdog has also blocked their Bitcoin wallet.
The individuals and entities are alleged to have participated in coordinated ransomware attacks that have targeted an array of US-based companies and organizations since 2020. Treasury officials highlighted that the Iranian group’s targets included a children’s hospital, a city in New Jersey, a rural electric utility company, and other businesses. The individuals slapped with sanctions are employees or associates of Najee Technology Hooshmand Fater LLC and Afkar System Yazd Company.
Through its sanctions, OFAC prevents American citizens and companies from interacting or engaging in business with them. The Treasury said three of the individuals – Mansour Ahmadi, Ahmad Khatibi Aghda, and Amir Hossein Nikaeen Ravari – have been charged in connection with the ransomware attack. Moreover, the state of New Jersey is offering rewards up to $10 million for information tied to those individuals.
Brian E. Nelson, the Under Secretary of the Treasury for Terrorism and Finance Intelligence, said ransomware actors and other cybercriminals have targeted businesses and critical infrastructure across the board. This activity has directly threatened the physical security and economy of the United States and other nations. Nelson said the Treasury will continue to take coordinated action with global partners to combat and deter ransomware threats, including those associated with the IRGC.
The official statement revealed that reported ransomware payments in the United States reached over $590 million in 2021, compared to a total of $416 million in 2020. The payments represent just a fraction of the economic harm caused by malicious cyber activities. The IRGC-affiliated group is known to exploit software vulnerabilities to carry out its ransom activities and engage in unauthorized computer access, data exfiltration, and other malicious cyber activities.