U.S. Sanctions IRGC-linked Group for Cybercrimes

On September 14, the United States sanctioned 10 Iranian men and two companies for hacking computer systems and installing ransomware, which can prevent victims from getting access to their files and data unless they pay a ransom to the hackers. “Ransomware actors and other cybercriminals target businesses and critical infrastructure and threaten the physical security and economy of the United States and other nations,” Secretary of State Antony Blinken said in a statement.

The individuals and firms designated by Treasury have reportedly been linked to the Islamic Revolutionary Guard Corps (IRGC). “This group has launched extensive campaigns against organizations and officials worldwide,” Treasury said in a statement. The targets included U.S. and Middle Eastern defense, diplomatic, and government personnel as well as private industries including media, energy, business services, and telecommunications.

Ransomware is a growing problem for the United States. Reported ransomware payments reached $590 million in 2021, compared to $416 million in 2020, according to the Treasury.

The new sanctions were part of a joint action with the Department of Justice, Department of State, Federal Bureau of Investigation, U.S. Cyber Command, National Security Agency, and Cybersecurity and Infrastructure Security Agency.

Concurrently, the State Department offered up to $10 million for information on three of the men designated by Treasury – Mansour Ahmadi, Ahmad Khatibi Aghda and Amir Hossein Nickaein Ravari.

On the same day, the Justice Department charged Ahmadi, Khatibi and Nickaein for a scheme to hack computer systems of hundreds of victims in the United States, Britain, Israel, Iran, and elsewhere. They stole data and installed ransomware after gaining access to protected systems. In the United States, the victims included small businesses and government agencies as well as health care centers, transportation services and utility providers.

“The Government of Iran has created a safe haven where cyber criminals acting for personal gain flourish and defendants like these are able to hack and extort victims, including critical infrastructure providers,” Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division said in a statement.

Ahmadi, Khatibi and Nickaein were charged with:

  • one count of conspiring to commit computer fraud and related activity in connection with computers (maximum sentence of five years in prison)
  • one count of intentionally damaging a protected computer (maximum sentence of 10 years in prison)
  • and one count of transmitting a demand in relation to damaging a protected computer (maximum sentence of five years in prison)

Ahmadi was charged with one additional count of intentionally damaging a protected computer. The offenses also carried a potential maximum fine of $250,000 or twice the gross amount of gain or loss resulting from the offense, whichever is greatest. All the defendants remained at large abroad.