Iranians indicted in cyber attack on Atlanta

Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, are wanted by the FBI.

Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, are wanted by the FBI.

Two Iranian citizens have been indicted for a series of cyber attacks across America, including the March assault of the city of Atlanta’s computer systems, according to an FBI announcement Wednesday morning.

The cyber attack on Atlanta caused myriad issues with the city’s computer systems and could end up costing $17 million to taxpayers, according to one report. Deputy U.S. Attorney General Rod Rosenstein said the indictment also accuses the same defendants of a similar attack on the city of Newark, N.J., and some 200 other victims, including hospitals and health care agencies.

VIDEO: More on the Atlanta cyber attack

The attack crippled many key city departments, shut down Watershed Management’s online payment portal, wiped out the Atlanta Police Department’s dashcam video archive and the city’s Municipal Court system descended into chaos.

The defendants, Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, allegedly collected some $6 million from various victims. Officials declined to say if Atlanta paid a ransom.

The defendants, who may still be in Iran, are not in custody.

The FBI said the attacks were part of an increase of such activity from Iran, but officials made no allegation that the government of the country was involved.

The defendants used so-called ransomware to shut down computer systems and then demand payments to restore the systems, according to the federal indictment, which was filed in Newark.

“According to the indictment, the hackers infiltrated computer systems in 10 states and Canada and then demanded payment,” Rosenstein said. “The criminal activity harmed state agencies, city governments, hospitals, and countless innocent victims.”


In June, Atlanta  announced it had largely recovered from the March attack, but the Atlanta Police Department said it had lost "years" of dashcam video.

The six-count indictment accuses the defendants of a 34-months-long hacking and extortion scheme using malware called “SamSam Ransomware.” It was capable of forcibly encrypting data on the computers of victims, locking out the victims.

“The City of Atlanta is aware of the U.S. Department of Justice’s indictment related to the March cyber-attack against the City,” a spokesperson for Atlanta Mayor Keisha Lance Bottoms said in a statement Wednesday. “The Administration remains committed to ensuring the ongoing safety and security of the City’s cyber-infrastructure, as well as that of the people of Atlanta.”

The men are accused of seeking out victims who would be most vulnerable and stand to lose the most by being attacked.

Among the more than 200 victims FBI named were hospitals, municipalities, and public institutions. In addition to Atlanta and Newark, other victims were: the Port of San Diego, California; the Colorado Department of Transportation; the University of Calgary in Calgary, Alberta, Canada; and six health care-related entities: Hollywood Presbyterian Medical Center in Los Angeles, California; Kansas Heart Hospital in Wichita, Kansas; Laboratory Corporation of America Holdings, more commonly known as LabCorp, headquartered in Burlington, North Carolina; MedStar Health, headquartered in Columbia, Maryland; Nebraska Orthopedic Hospital now known as OrthoNebraska Hospital, in Omaha, Nebraska and Allscripts Healthcare Solutions Inc., headquartered in Chicago, Illinois.

Return to for more on this developing story.