According to a recently published report, Big Four consulting and auditing firm PwC has linked the Iranian nationals behind the Bitcoin [BTC] ransomware scheme SamSam to the cryptocurrency exchange WEX.
The report's analysis is based on information previously disclosed by the United States DoJ [Department of Justice]. According to the department, two Iranians, Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, were charged with creating SamSam. SamSam is ransomware that demands payment in Bitcoin [BTC] and reportedly damaged several U.S.-based companies, government agencies, universities, and hospitals. In just 34 months, the hackers managed to extort over $6 Mln in Bitcoin and caused over $30 Mln in losses.
The U.S. Department of the Treasury’s OFAC [Office of Foreign Assets Control] also sanctioned two more Iranians, Mohammad Ghorbaniyan and Ali Khorashadizadeh. They were allegedly operating Iran-based cryptocurrency exchanges that helped Savandi and Mansouri exchange the Bitcoin [BTC] extorted via SamSam.
After analyzing wallet addresses and emails provided by the United States government, PwC came to the conclusion that Khorashadizadeh and Ghorbaniyan might be connected to crypto exchange WEX.
WEX was known as BTC-e before it rebranded in Sep 2017. The exchange rebranded to distance itself from a money laundering investigation that shuttered BTC-e in July of that same year. PwC also states that BTC-e was involved in exchanging at least $1.9 Mln associated with SamSam:
“BTC-e is thought for its involvement in money laundering of over $4 Bln and is responsible for cashing out 95% of all ransomware payments made from 2014 to 2017 — of which a total sum of around $1.9 Mln came from SamSam ransomware.”
Additionally, PwC cites another investigation that links Bitcoin [BTC] transactions on BTC-e to Russia’s Main Intelligence Directorate of the General Staff [GRU]. The cyber spying group “Fancy Bear” has supposedly been linked to a cyber attack on the Democratic National Committee prior to the 2016 U.S. presidential elections.
As reported earlier, Alexander Vinnik, the alleged former operator of the defunct BTC-e, was arrested by Greek police in July 2017 after the Department of Justice accused him of fraud and laundering. Russian human rights officials have also sought Vinnik’s return to his home country following health complications resulting from a months-long hunger strike.