U. S. Attorney in Atlanta: City didn’t pay cyber attack ransom

March 23, 2018 Atlanta: Employees at Atlanta City Hall were handed instructions as they came through the front doors to not turn on computers or log on to their workstations on Friday March 23, 2018. Friday's action comes as city officials are struggling to determine how much sensitive information may have been compromised in a Thursday cyber attack. The city has also received demands that it pay a ransom of an unspecified amount, officials confirmed. But officials had yet to make a determination if it would pay the ransom. Hartsfield-Jackson International took down the wi-fi at the world's busiest airport after a cyber attack on the city. The Atlanta airport's website said after the cyber attack that security wait times and flight information may not be accurate. JOHN SPINK/JSPINK@AJC.COM

The U. S. Attorney's office for North Georgia on Wednesday confirmed that the City of Atlanta did not pay a ransom to the two Iranian men accused of infiltrating the city's computer network in a cyber attack in March.

In a press release announcing a new indictment in Atlanta against the two men, Byung J. “BJay” Pak, U. S. Attorney for the Northern District of Georgia, cleared up questions about whether the city paid ransom. The release by Pak’s office said a website the two Iranians had set up for Atlanta to pay the ransom became inaccessible and that no one from the city paid a ransom.

The two men, Faramarz Shahi Savandi and Mohammed Mehdi Shah Mansouri, were also indicted last week in New Jersey, where they mounted a similar attack against the city of Newark. Newark paid a ransom of roughly $30,000.

Atlanta officials have repeatedly denied paying the $51,000 in ransom demanded by the hackers, and the 26-page federal indictment released last week didn't identify which cities and entities paid ransom. At a press conference in Washington D. C. last week, officials with the U. S. Department of Justice wouldn't say which victims paid the attackers, who collected roughly $6 million in ransom over a three-year period dating back to 2015.

A city of Atlanta spokesperson reiterated last week that no one acting on the city’s behalf, including its insurance carrier, paid any ransom.

But wording in the New Jersey indictment had left open the question of whether Atlanta or someone acting on the city’s behalf paid a ransom.

The document described the March 22 assault that crippled Atlanta's network and the effort by the two men to demand ransom. In one paragraph, the indictment said they demanded ransom from Atlanta in Bitcoin payments in exchange for encryption keys to recover the city's compromised data.

The next paragraph said that on April 19, Savandi “received funds associated with ransom proceeds, which were converted into Iranian rial and deposited by” a currency exchanger. Pak’s release Wednesday appeared to be an effort to clear up any doubt about a possible Atlanta ransom payment.

Authorities said there’s no indication the two attackers were acting in concert with the Iranian government.

The two men are not in U.S. custody, and Iran has no extradition treaty with the U. S. But Justice Department officials have expressed confidence that Savandi and Mansouri’s travel patterns would subject them to being captured.

All told, the pair inflicted harm on more than 200 victims across the country, including health care companies, city governments and state agencies. Their scheme caused over $30 million in losses to various entities, according to federal authorities.

The attacks used "SamSam" ransomware, a type of malware which encrypts files of infected computers and demands a ransom. Authorities said Wednesday that the attack on Atlanta infected approximately 3,789 computers.

In the release Wednesday, Pak said the indictment in Atlanta “vindicates the City of Atlanta’s interest in ensuring that those responsible for the attacks face justice here as well.”