Authorities on Wednesday charged two Iranian citizens for the ransomware cyber attack Attack.Ransom that hobbled the city of Atlanta ’ s computer network in March , and the federal indictment outlines the pair ’ s massive nationwide scheme to breach computer networks of local governments , health care systems and other public entities . The defendants , Faramarz Shahi Savandi , 34 , and Mohammad Mehdi Shah Mansouri , 27 , are alleged to have developed the SamSam ransomware , malicious software that encrypts data until the infected organizations paid ransom Attack.Ransom . All told , the pair inflicted harm on more than 200 victims across the country and collected roughly $ 6 million in ransom Attack.Ransom over a three year period dating back to 2015 . Their scheme caused over $ 30 million in losses to various entities , according to federal authorities . The hack to city of Atlanta computers in March crippled city business for days . One internal report that surfaced in August estimated the damage to the city could cost up to $ 17 million . “ We ’ re glad that these people will be brought to justice , ” Mayor Keisha Lance Bottoms told Channel 2 Action News . “ Hopefully this will stop another municipality from experiencing what we did. ” “ The defendants allegedly hijacked victims ’ computer systems and shut them down until the victims paid a ransom Attack.Ransom , ” said Deputy Attorney General Rod Rosenstein , speaking at a press conference in Washington D.C. “ Many of the victims were public agencies with missions that involve saving lives and performing other critical functions for the American people. ” The two men are not in U.S. custody , and Iran has no extradition treaty with the U.S . But Justice Department officials expressed confidence that the Savandi and Mansouri ’ s travel patterns would subject them to being captured . Atlanta officials have repeatedly denied paying Attack.Ransom the $ 51,000 in ransom demanded Attack.Ransom by the hackers and the 26-page federal indictment released Wednesday doesn ’ t directly address which cities and entities paid ransom Attack.Ransom . Brian Benczkowski , an assistant attorney general for the U.S. Justice Department , told reporters on Wednesday that the agency wouldn ’ t identify which victims paid Attack.Ransom the attackers . A city of Atlanta spokesperson on Wednesday said again that no one acting on the city ’ s behalf , including its insurance carrier , paid any ransom Attack.Ransom . But the indictment has two references to Atlanta and it raises questions about whether or not the city paid ransom Attack.Ransom . The indictment describes the March 22 assault Attack.Ransom on Atlanta ’ s network and the effort by the two men to demand ransom Attack.Ransom . In one paragraph , the indictment says they demanded ransom Attack.Ransom from Atlanta in Bitcoin payments in exchange for encryption keys to recover the city ’ s compromised data . The next paragraph says that on April 19 , Savandi “ received funds associated with ransom proceeds Attack.Ransom , which were converted into Iranian rial and deposited by ” an currency exchanger . The indictment does not say if those proceeds were associated with the Atlanta attack . But Ralph Echemendia , a computer hacking consultant who advises corporations on cyber security , said he read the indictment and thinks the payment was associated with the Atlanta attack because it would be one way that federal agents connected the breach to Savanda and Mansouri . The indictment describes how the two men demanded payments Attack.Ransom in bitcoins , a so-called crypto currency , and in Atlanta ’ s case , the demand Attack.Ransom equaled roughly $ 50,000 . “ The moment you try and turn it into dollars , euros or any kind of real currency it has to go through an exchange , ” Echemendia said . “ At that point the exchange would have to work with law enforcement … ultimately that is going to wind up in somebody ’ s back account. ” The Justice Department declined to answer a question from the AJC about whether April 19 exchange of bitcoins into Iranian rial described in the indictment was related to Atlanta ’ s attack . Tony UcedaVelez , CEO of Versprite , an Atlanta based security services said the language in the indictment does make it seem a ransom was paid Attack.Ransom on the city ’ s behalf . But he said it could have been made by someone in law enforcement hoping the funds would lead to the attackers . UcedaVelez also pointed to an attachment in the indictment that indicated someone associated with the city had followed the attackers ’ initial instructions . The indictment included a ransom note to Newark instructing it on how to download a Tor network browser and visit the attackers ’ website where victims could upload two files to be decrypted as a demonstration . Newark paid its ransom Attack.Ransom of roughly $ 30,000 . Another attachment shows the ransom website the attackers created for the city of Atlanta on the Tor network . To get there , someone would have had to download the Tor browser . And it appeared they had uploaded a couple of files for the demonstration . “ Files available to decrypt : 2 , ” read a statement on the site .

Israel-based cyber security firm Check Point has detected a malware that is not downloaded due to users ’ use but is already present in Android device . According to a company blog post last week , the pre-installed malware was detected in 38 Android devices , belonging to a large telecommunications company and a multinational technology company . “ The malicious apps were not part of the official ROM supplied by the vendor , and were added somewhere along the supply chain , ” the company said . The malware added to the devices ’ ROM could not be removed by the users , therefore , the devices had to be re-flashed . The research team at Check Point found that one of the pre-installed malwares was Slocker , a mobile ransomware , that uses the Advanced Encryption Standard ( AES ) encryption algorithm to encrypt all files on the device and demand ransom Attack.Ransom in return for their decryption key . “ The most notable rough adnet which targeted the devices is the Loki Malware . This complex malware operates by using several different components ; each has its own functionality and role in achieving the malware ’ s malicious goal , ” the cyber security firm said . Pre-installed malwares steal Attack.Databreach data from the devices and are installed to system , taking full control of the device . The cyber security firm suggested users to protect themselves from regular and pre-installed malware by implementing advanced security measures capable of identifying and blocking any abnormality in the device ’ s behaviour

A flaw in popular messenger apps WhatsApp and Telegram , which could allow hackers to gain access to hundreds of millions of accounts using the very encryption software designed to keep them out , has been discovered Vulnerability-related.DiscoverVulnerability by cyber security firm Check Point . The Israeli multinational said it was concerned about vulnerabilities in the messaging apps , following WikiLeaks ’ ‘ Vault 7 ’ release of more than 8,500 CIA documents . “ One of the most concerning revelations arising from the recent WikiLeaks publication is the possibility that government organizations can compromise WhatsApp , Telegram and other end-to-end encrypted chat applications , ” the company said in a blog post . These online versions mirror all messages sent and received by a user ’ s mobile device , which deploys end-to-end encryption so that only those sending and receiving messages can view the content . Hackers could gain access to a user ’ s account , however , by booby-trapping a digital image with malicious code which would be activated once the image is viewed . The code could then spread like a virus by sending infected messages to a user 's contacts . “ This means that attackers could potentially download your photos and or post them online , send messages on your behalf , demand ransom Attack.Ransom , and even take over your friends ’ accounts , ” they added . Check Point said Vulnerability-related.DiscoverVulnerability it alerted Vulnerability-related.DiscoverVulnerability both companies to the problem last week and waited for the issues to be resolved Vulnerability-related.PatchVulnerability before making it public . Both companies have said they ’ ve since patched the problem . “ Thankfully , WhatsApp and Telegram responded quickly Vulnerability-related.DiscoverVulnerability and responsibly to deploy the mitigation against exploitation of this issue in all web clients , ” Check Point Head of Product Vulnerability Oded Vanunu said . The company has advised , however , that WhatsApp and Telegram web users should restart their browser to ensure they ’ re using the latest versions of the service

Mere days after thousands of MongoDB databases were hit by ransomware attacks Attack.Ransom , cybercriminals have set their sights on ElasticSearch servers , according to reports . Hackers have reportedly hijacked insecure servers exposed Vulnerability-related.DiscoverVulnerability to the internet with weak and easy-to-guess passwords . ElasticSearch is a Java-based search engine , commonly used by enterprises for information cataloguing and data analysis . According to security researcher Niall Merrigan , who has been monitoring the attacks Attack.Ransom , the cybercriminals are currently closing in on around 3,000 ElasticSearch servers . Merrigan told IBTimes UK : `` We found the first one on the 12th of Jan and then started tracking the different IOCs ( Indicators Of Compromise ) . The first actor has levelled off and looks like it has stopped . However , a second and third actor have joined in and are continuing to compromise servers . `` Attackers are finding open servers where there is no authentication at all . This can be done via a number of services and tools . Unfortunately , system admins and developers have been leaving these unauthenticated systems online for a while and attackers are just picking off the low hanging fruit right now . '' The recent MongoDB attacks Attack.Ransom saw hackers demand ransom Attack.Ransom and erasing data to ensure victims ' compliance . In the ongoing ElasticSearch attacks Attack.Ransom , the cybercriminals demand a ransom Attack.Ransom of 0.2 Bitcoins , according to a report by BleepingComputer . However , according to Merrigan , $ 20,000 in Bitcoins have already been paid Attack.Ransom by victims of the MongoDB attack Attack.Ransom . Despite paying the ransom Attack.Ransom , the victims have not received their data back . `` So in this case it is a scam , '' the researcher said .