Authorities on Wednesday charged two Iranian citizens for the ransomware cyber attack Attack.Ransom that hobbled the city of Atlanta ’ s computer network in March , and the federal indictment outlines the pair ’ s massive nationwide scheme to breach computer networks of local governments , health care systems and other public entities . The defendants , Faramarz Shahi Savandi , 34 , and Mohammad Mehdi Shah Mansouri , 27 , are alleged to have developed the SamSam ransomware , malicious software that encrypts data until the infected organizations paid ransom Attack.Ransom . All told , the pair inflicted harm on more than 200 victims across the country and collected roughly $ 6 million in ransom Attack.Ransom over a three year period dating back to 2015 . Their scheme caused over $ 30 million in losses to various entities , according to federal authorities . The hack to city of Atlanta computers in March crippled city business for days . One internal report that surfaced in August estimated the damage to the city could cost up to $ 17 million . “ We ’ re glad that these people will be brought to justice , ” Mayor Keisha Lance Bottoms told Channel 2 Action News . “ Hopefully this will stop another municipality from experiencing what we did. ” “ The defendants allegedly hijacked victims ’ computer systems and shut them down until the victims paid a ransom Attack.Ransom , ” said Deputy Attorney General Rod Rosenstein , speaking at a press conference in Washington D.C. “ Many of the victims were public agencies with missions that involve saving lives and performing other critical functions for the American people. ” The two men are not in U.S. custody , and Iran has no extradition treaty with the U.S . But Justice Department officials expressed confidence that the Savandi and Mansouri ’ s travel patterns would subject them to being captured . Atlanta officials have repeatedly denied paying Attack.Ransom the $ 51,000 in ransom demanded Attack.Ransom by the hackers and the 26-page federal indictment released Wednesday doesn ’ t directly address which cities and entities paid ransom Attack.Ransom . Brian Benczkowski , an assistant attorney general for the U.S. Justice Department , told reporters on Wednesday that the agency wouldn ’ t identify which victims paid Attack.Ransom the attackers . A city of Atlanta spokesperson on Wednesday said again that no one acting on the city ’ s behalf , including its insurance carrier , paid any ransom Attack.Ransom . But the indictment has two references to Atlanta and it raises questions about whether or not the city paid ransom Attack.Ransom . The indictment describes the March 22 assault Attack.Ransom on Atlanta ’ s network and the effort by the two men to demand ransom Attack.Ransom . In one paragraph , the indictment says they demanded ransom Attack.Ransom from Atlanta in Bitcoin payments in exchange for encryption keys to recover the city ’ s compromised data . The next paragraph says that on April 19 , Savandi “ received funds associated with ransom proceeds Attack.Ransom , which were converted into Iranian rial and deposited by ” an currency exchanger . The indictment does not say if those proceeds were associated with the Atlanta attack . But Ralph Echemendia , a computer hacking consultant who advises corporations on cyber security , said he read the indictment and thinks the payment was associated with the Atlanta attack because it would be one way that federal agents connected the breach to Savanda and Mansouri . The indictment describes how the two men demanded payments Attack.Ransom in bitcoins , a so-called crypto currency , and in Atlanta ’ s case , the demand Attack.Ransom equaled roughly $ 50,000 . “ The moment you try and turn it into dollars , euros or any kind of real currency it has to go through an exchange , ” Echemendia said . “ At that point the exchange would have to work with law enforcement … ultimately that is going to wind up in somebody ’ s back account. ” The Justice Department declined to answer a question from the AJC about whether April 19 exchange of bitcoins into Iranian rial described in the indictment was related to Atlanta ’ s attack . Tony UcedaVelez , CEO of Versprite , an Atlanta based security services said the language in the indictment does make it seem a ransom was paid Attack.Ransom on the city ’ s behalf . But he said it could have been made by someone in law enforcement hoping the funds would lead to the attackers . UcedaVelez also pointed to an attachment in the indictment that indicated someone associated with the city had followed the attackers ’ initial instructions . The indictment included a ransom note to Newark instructing it on how to download a Tor network browser and visit the attackers ’ website where victims could upload two files to be decrypted as a demonstration . Newark paid its ransom Attack.Ransom of roughly $ 30,000 . Another attachment shows the ransom website the attackers created for the city of Atlanta on the Tor network . To get there , someone would have had to download the Tor browser . And it appeared they had uploaded a couple of files for the demonstration . “ Files available to decrypt : 2 , ” read a statement on the site .

No one likes to have their company hacked . No one is going to be happy if hackers manage to break into systems and steal Attack.Databreach away their intellectual property . In the case of companies like Disney , having a $ 230 million blockbuster like the latest Pirates of the Caribbean movie stolen Attack.Databreach could prove to be very costly if hackers follow through with their threats to seed their pirated copy of the film on torrent sites , disrupting its official release . But imagine how much more galling it would be to give in to the hackers ’ blackmail Attack.Ransom threats and pay a ransom Attack.Ransom for the movie not to be leaked online , only to discover later that the extortionists never had a copy of the film in the first place ? Earlier this month it was widely reported that Walt Disney ’ s CEO Bob Iger had been contacted by hackers who were threatening to release one of the studio ’ s movies onto the internet unless a ransom was paid Attack.Ransom . Iger didn ’ t say what movie the hackers claimed to have stolen Attack.Databreach , but it was widely thought to be the soon to be released “ Pirates of the Caribbean : Dead Men Tell No Tales. ” That theory of the hacked movie ’ s identity certainly gained more momentum when it was reported that torrents had been spotted on Pirate Bay claiming to be the blockbuster starring Johnny Depp , Javier Bardem and Geoffrey Rush . However , none of those downloadable torrents were confirmed to contain the “ Pirates of the Caribbean ” movie . And in a video interview with Yahoo Finance , Disney ’ s CEO debunked claims that a movie had ever been stolen Attack.Databreach : “ To our knowledge we were not hacked . We had a threat of a hack Attack.Databreach of a movie being stolen Attack.Databreach . We decided to take it seriously but not react in the manner in which the person who was threatening us had required . We don ’ t believe that it was real and nothing has happened. ” In short , Disney says that it was not accurate that a movie was ever stolen Attack.Databreach , and it refused to pay the ransom demand Attack.Ransom to the extortionists . And that , in itself , may be a lesson for other companies to keep a cool head when they receive an extortion demand Attack.Ransom claiming that intellectual property or sensitive data has been stolen Attack.Databreach by hackers . Obviously all threats should be taken seriously , and you should explore appropriately whether it is possible a security breach has genuinely occurred , review the security of your systems , and inform law enforcement agencies as appropriate . But don ’ t be too quick to pay Attack.Ransom the criminals who are making threats against you . If you can , seek evidence that the hackers have what they claim to have , rather than reaching first for your wallets . It ’ s perfectly possible that some extortionists are simply jumping on the bandwagon of high profile hacks in an attempt to trick you into believing your company is the latest victim . Keep a cool head when your company receives a threat , or else you might find yourself in deep water , swimming with the hungry fishes .