US ‘sanctions IRGC-Affiliated Cyber Actors’ for Ransomware

A police officer stands guard outside the Embassy of the Islamic Republic of Iran in Albania's Tirana on September 7, 2022. (Photo: Genth Shkullaku/AFP)

WASHINGTON DC, United States (Kurdistan 24) – On Wednesday, three US agencies announced a new set of punitive measures against Iranian individuals and entities. The latest measure marks the third such move in a week.

The first two sets of US sanctions were precipitated by Iranian support for Russia and its interests—a particularly significant and sensitive issue since Moscow’s assault on Ukraine began last February.


Wednesday’s announcements involved malicious cyber activities, particularly ransomware attacks.

“The United States is sanctioning ten individuals and two entities, all affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC), for their roles in conducting malicious cyber acts, including ransomware activity,” US Secretary of State Antony Blinken explained in a statement.


The Treasury Department expressed itself similarly in its statement, which was entitled, “Treasury Sanctions IRGC-Affiliated Cyber Actors for Roles in Ransomware Activity.”

Such attacks are a crime. The Department of Justice issued indictments in August and unsealed them on Wednesday. The indictments target the three individuals most deeply involved in the ransomware scheme, who were also sanctioned by the Treasury Department.

Finally, the State Department’s “Rewards for Justice” program is offering up to $10 million for information leading to the arrest of each of the three indicted Iranians.

Sanctioned, Indicted Individuals—and their scheme

The three key figures, all of whom are charged with criminal activity, include Ahmad Khatibi Aghda. At 45 years old, Aghda is the oldest of the group. He is the managing director of Afkar System Yazd Company, one of the two entities sanctioned on Wednesday, along with Najee Technology. The Treasury Department identifies both as “IRGC-affiliated companies.”

The 30-year-old Amir Hossein Nickaein Rivari, who worked at Afkar System from at least 2015, was also indicted.

So, too, was 34-year-old Mansour Ahmadi, who has worked for Najee Technology since at least 2018 and holds the position of managing director.

In carrying out their scheme, the conspirators would gain access to a computer system. Then, using a program like Microsoft’s commercially available BitLocker, they would encrypt the data and demand a ransom from the victim for the key that would unlock it.

Among other tricks, the conspirators would lure unsuspecting individuals to a “look-alike” web domain imitating that of “legitimate, well-known, technology companies,” the indictment explains, “in order to deceive victims and disguise” their illegal activities.

Their victims included a township in New Jersey, as well as an accounting firm in the same state (the indictment was issued by the New Jersey Attorney’s Office).

But there were “hundreds of other victims,” the Justice Department said. They include an accounting firm in Illinois; utility companies in Mississippi and Indiana; a county government in Wyoming; and others.

Entities in other countries, including Britain, Israel, Iran itself, and Russia, were also targeted, the indictment stated.

The Treasury Department announced sanctions on seven other individuals. All of those individuals worked for the sanctioned Iranian computer companies, Afkar System or Najee Technology.