Justice Department Issues Indictment of Iranian Men for SamSam Ransomware, Discusses Tactics Used in Campaign

Created: Thursday, November 29, 2018 - 11:37
Categories:
Cybersecurity, Federal & State Resources

The U.S. Department of Justice reports that two Iranian men have been indicted on charges of having executed the 34-month-long international computer hacking and extortion scheme involving the “SamSam” ransomware. The six-count indictment alleges that the two men, acting from inside Iran, created the first version of SamSam in December 2015 and developed refined versions in June and October 2017. They used sophisticated online reconnaissance techniques (such as scanning for computer network vulnerabilities) and conducted online research to select and target potential victims. The men also disguised their attacks to appear like legitimate network activity, and they employed Tor, a computer network designed to facilitate anonymous communication over the internet. They maximized the damage caused to victims by launching attacks outside regular business hours, when a victim would find it more difficult to mitigate the attack, and by encrypting backups of the victims’ computers. This was intended to – and often did – cripple the regular business operations of the victims, according to the indictment. The more than 200 victims of SamSam ransomware included hospitals, municipalities, and public institutions, which together suffered more than $30 million in losses. The most recent ransomware attack against a victim alleged in the indictment took place on September 25, 2018. U.S. Department of Justice.