US Blacklists Bitcoin Addresses of Iranians Behind SamSam Ransomware

Readers may remember the SamSam ransomware attack, which cost everyday computer users a total of at least $6 million in BTC, as reported back in August.

Today the US Treasury announced that it had uncovered the names of two Iranians who helped turn the bitcoins acquired in the scam into Iranian currency for the attackers. Their names are Ali Khorashadizadeh and Mohammad Ghorbaniyan. It is now illegal for any US person or business to do business with these two individuals, even if they travel to a country outside of Iran. As a result of the re-imposition of sanctions on Iran, it is illegal to do business in Iran anyhow, but these individuals specifically have earned a place on the Treasury’s Specially Designated Nationals list, and thus even when sanctions are eventually removed, they, in particular, are off-limits for any American.

For the first time, the Treasury also designated the Bitcoin addresses used by the Iranians, which were 149w62rY42aZBox8fGcmqNsXUzSStKeq8C and 1AjZPMsnmpdK2Rv9KQNfMurTXinscVro9V and were used over 7,000 times collectively since 2013. The first address noted has received more than 10,000 BTC altogether. Treasury does not apparently understand the nature and ease of creating new addresses, but the rest of the sanctions apply in any case.


Share this: