UPDATE: Two Iranian nationals have been charged for the ransomware attack in March on the City of Atlanta.

"In March 2018, a devastating ransomware attack interrupted City of Atlanta government functions and disrupted our community,” U.S. Attorney Byung J. “BJay” Pak said. “In the days following the attack, local law enforcement officials worked tirelessly to respond to the incident and collect investigative information that was passed on to our counterparts leading the groundbreaking investigation into the SamSam ransomware attacks."

A federal grand jury indicted Faramarz Shahi Savandi, 27, and Mohammed Mehdi Shah Mansouri, 34, for committing the attack.

"This indictment, which is in coordination with the U.S. Attorney’s Office for the District of New Jersey and the Computer Crime and Intellectual Property Section of the U.S. Department of Justice, vindicates the City of Atlanta’s interest in ensuring that those responsible for the attacks face justice here as well,” Pak said.

Pak explained that the suspects used a type of malware referred to as SamSam Ransomware in the attack. The ransomware affected around 3,789 computers that belonged to the city and made it impossible for information stored on them to be accessed without a decryption key.

"The ransom note demanded .8 Bitcoin to decrypt each affected computer or six Bitcoin to decrypt all affected computers," Pak explained. 

The ransom note included a link to the dark web where the city could pay the ransom, but the website where the decryption key could be found become inaccessible. The city did not pay the ransom.

Savandi and Mansouri were charged "with intentional damage to protected computers located in Atlanta that caused losses exceeding $5,000, affected more than 10 protected computers, and that threatened the public health and safety," a spokesperson for Pak explained.

The two were also charged in the U.S. District Court for the District of New Jersey with "one count of conspiracy to commit wire fraud, one count of conspiracy to commit fraud and related activity in connection with computers, two substantive counts of intentional damage to a protected computer located in New Jersey, and two substantive counts of transmitting a demand in relation to damaging a protected computer located in New Jersey."

Pak would like to remind everyone that the suspects are presumed innocent until proven otherwise.


PREVIOUS STORY: It’s day four since the ransomware attack on the city of Atlanta and many of its computer systems are still shut down.

The cybercriminals are demanding $51,000 to unlock the system, and one security expert believes the public deserves more answers.

"It’s tough to say where we are because the city of Atlanta is not being very forthcoming," said Andy Green, a lecturer of information and security at Kennesaw State University, adding the city’s silence is very concerning.

We don't know if they are actually fighting the infection,” Green said. “We don't know if they're in recovery mode."

Early Thursday morning, the city learned ransomware had taken control of some of its systems. Employees were ordered to immediately shut down and unplug their work computers.

"This is certainly a very serious issue that is facing the city of Atlanta," said Mayor Keisha Lance Bottoms. The city has not paid the ransom as of yet, and Green said the public needs to know what the city of Atlanta is doing.

"Such as the number of systems currently infected, number of servers currently infected, number of personnel currently working on the issue,” Green said. “They just haven't shared any details at all."

On Thursday, the mayor assured the public, employees and retirees their personal information wasn’t targeted, but there’s been no word if that information has been compromised since then.

Green said usually cybercriminals will unlock the systems if payment is made, but he warns, be careful, as these criminals are ruthless.

"But if they're not sure how the bad actors got into the network then you run the real risk of paying and then turning right around in a few days and being subjected to the same type of attack again," Green said.

Read more at WXIA's website.