The defendants, who may still be in Iran, are not in custody.
The FBI said the attacks were part of an increase of such activity from Iran, but officials made no allegation that the government of the country was involved.
The defendants used so-called ransomware to shut down computer systems and then demand payments to restore the systems, according to the federal indictment, which was filed in Newark.
“According to the indictment, the hackers infiltrated computer systems in 10 states and Canada and then demanded payment,” Rosenstein said. “The criminal activity harmed state agencies, city governments, hospitals, and countless innocent victims.”
In June, Atlanta announced it had largely recovered from the March attack, but the Atlanta Police Department said it had lost "years" of dashcam video.
The six-count indictment accuses the defendants of a 34-months-long hacking and extortion scheme using malware called “SamSam Ransomware.” It was capable of forcibly encrypting data on the computers of victims, locking out the victims.
“The City of Atlanta is aware of the U.S. Department of Justice’s indictment related to the March cyber-attack against the City,” a spokesperson for Atlanta Mayor Keisha Lance Bottoms said in a statement Wednesday. “The Administration remains committed to ensuring the ongoing safety and security of the City’s cyber-infrastructure, as well as that of the people of Atlanta.”
The men are accused of seeking out victims who would be most vulnerable and stand to lose the most by being attacked.
Among the more than 200 victims FBI named were hospitals, municipalities, and public institutions. In addition to Atlanta and Newark, other victims were: the Port of San Diego, California; the Colorado Department of Transportation; the University of Calgary in Calgary, Alberta, Canada; and six health care-related entities: Hollywood Presbyterian Medical Center in Los Angeles, California; Kansas Heart Hospital in Wichita, Kansas; Laboratory Corporation of America Holdings, more commonly known as LabCorp, headquartered in Burlington, North Carolina; MedStar Health, headquartered in Columbia, Maryland; Nebraska Orthopedic Hospital now known as OrthoNebraska Hospital, in Omaha, Nebraska and Allscripts Healthcare Solutions Inc., headquartered in Chicago, Illinois.
Return to ajc.com for more on this developing story.