WASHINGTON -- The Justice Department said Wednesday that three Iranian citizens have been charged in the United States with ransomware attacks that targeted power companies, local governments and small businesses and nonprofits, including a domestic violence shelter.
The charges accuse the hacking suspects of targeting hundreds of entities in the U.S. and around the world, encrypting and stealing data from victim networks, and threatening to release it publicly or leave it encrypted unless exorbitant ransom payments were made. In some cases, the victims made those payments, the department said.
The Biden administration has tried to go after hackers who have held U.S. targets essentially hostage, often sanctioned or sheltered by adversaries.
The threat gained particular prominence in May 2021 when a Russia-based hacker group was accused of conducting a ransomware attack on Georgia-based Colonial Pipeline, which disrupted gas supplies along the East Coast.
Iran-based hackers have also been a focus over the last year, with the FBI last year thwarting a planned cyberattack on a children's hospital in Boston that was to have been carried out by hackers sponsored by the Iranian government.
"The cyber threat facing our nation is growing more dangerous and complex every day," FBI Director Christopher Wray said in a statement accompanying the indictment unsealed Wednesday. "Today's announcement makes clear the threat is both local and global. It's one we can't ignore and it's one we can't fight on our own, either."
The hackers named in Wednesday's indictment are not believed to have been working on behalf of the Iranian government but instead for their own financial gain, and some of the victims were even in Iran, according to a senior Justice Department official who briefed reporters on the case on the condition of anonymity under ground rules set by the department.
But the official said the activity, even if not directed by the Iranian government, exists because the regime permits hackers to largely operate with impunity.
In a related action Wednesday, the Treasury Department's Office of Foreign Assets Control sanctioned 10 individuals and two entities affiliated with Iran's Islamic Revolutionary Guard Corps who it says have been involved in malicious cyber activities, including ransomware. The Treasury Department identified the three defendants in the Justice Department case as employees of a technology firm it says is affiliated with the Revolutionary Guard.
Information for this article was contributed by Fatima Hussein, Ellen Knickmeyer and Frank Bajak of The Associated Press.