US Blacklists Bitcoin Addresses of Iranians Behind SamSam Ransomware


Readers may remember the SamSam ransomware attack, which cost everyday computer users a total of at least $6 million in BTC, as reported back in August.

Today the US Treasury announced that it had uncovered the names of two Iranians who helped turn the bitcoins acquired in the scam into Iranian currency for the attackers. Their names are Ali Khorashadizadeh and Mohammad Ghorbaniyan. It is now illegal for any US person or business to do business with these two individuals, even if they travel to a country outside of Iran. As a result of the re-imposition of sanctions on Iran, it is illegal to do business in Iran anyhow, but these individuals specifically have earned a place on the Treasury’s Specially Designated Nationals list, and thus even when sanctions are eventually removed, they, in particular, are off-limits for any American.

For the first time, the Treasury also designated the Bitcoin addresses used by the Iranians: 149w62rY42aZBox8fGcmqNsXUzSStKeq8C and 1AjZPMsnmpdK2Rv9KQNfMurTXinscVro9V, which have been used over 7,000 times collectively since 2013. The first address noted has received more than 10,000 BTC altogether. Treasury apparently does not understand the nature and ease of creating new addresses, but the rest of the sanctions apply in any case.

Do Not Send or Receive Bitcoins To or From These Addresses

Regardless of whether a transaction is denominated in a digital currency or traditional fiat currency, OFAC compliance obligations are the same.

To wit: US persons are advised not to have any coins going to or from these addresses, or any addresses owned or controlled by Ali Khorashadizadeh and Mohammad Ghorbaniyan.

Treasury is specifically concerned with US exchanges and persons transacting with Iranians now that the sanctions have been put in place. It says it will “aggressively” crack down on the efforts of Iran and other countries to acquire US dollars and subvert banking blockades through the use of digital currencies. It notes that some US-based exchanges were participants in previous actions of the scammers, but has not announced any further enforcement on those grounds.

Not much is known about the individuals in question besides their transaction histories. The fact that they were using these addresses two years before the ransomware went live in 2015 indicates that they were probably exchanging coins prior to that. Their primary involvement seems to have been the exchanging of Bitcoin for Iranian fiat, called the Rial (currently worth about $0.000024).

The government is amping up its efforts against Iran, noting in its own press release:

Today’s action marks the fourth round of U.S. sanctions targeting the Iranian regime this month. Under this Administration, in less than two years, OFAC has sanctioned more than 900 individuals, entities, aircraft, and vessels, including for a range of activities related to Iran’s support for terrorism, ballistic missile program, weapons proliferation, cyberattacks, transnational criminal activity, censorship, and human rights abuses. This marks the highest-ever level of U.S. economic pressure targeting the Iranian regime. This sanctions pressure campaign is designed to blunt the broad spectrum of the Iranian regime’s malign activities and compel the regime to change its behavior.

Ransomware activity seems to have died down in the past several months, likely due to anti-virus software catching up to the methods used to insert it.

Following the first writing of this article, the Department of Justice issued indictments of two other Iranian men, Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, for having launched the ransomware attack itself, lending truth to the understanding that the men discussed in this article are merely the fence used by the actual scammers for the ill-gotten bitcoins.
