PwC, the second largest professional services firm in the world, has implicated two Iranians as the perpetrators behind the Bitcoin ransomware SamSam.
According to a previous press release published in November by the US Department of Justice (DoJ), Iranian nationals Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri were allegedly behind the proliferation of SamSam, a ransomware that reportedly extorted over $6 million in Bitcoin and caused more than $30 million in damages across multiple U.S. government sectors, companies, universities, as well as hospitals.
As Big Four consulting and auditing company PwC stated in its report released last month, aside from the two suspects, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has also linked the ransomware scheme to Mohammad Ghorbaniyan and Ali Khorashadizadeh, the operators of the Iran-based crypto trading platform WEX which purportedly assisted Savandi and Mansouri in facilitating the transactions involving the Bitcoin ransom.
Formerly known as BTC-e, the crypto exchange was subsequently rebranded as WEX in September 2017 in an attempt to extricate itself from a money laundering investigation that led to the termination of BTC-e’s operations in July that year. According to PwC, BTC-e was allegedly behind the exchange of at least $1.9 million of the amassed by the SamSam ransomware, stressing that:
“BTC-e is known for its involvement in laundering approximately $4 billion and is responsible for cashing out 95 percent of all ransomware payments made from 2014 to 2017 — of which $1.9 million came from SamSam ransomware.”
Furthermore, PwC also adduced another investigation implicating BTC-e to Bitcoin transactions involving Russia’s Main Intelligence Directorate of the General Staff (GRU). According to the report, a cyber espionage group called “Fancy Bear” believed to be associated with the GRU is purportedly involved in a previous cyber attack against the Democratic National Committee prior to the 2016 US presidential elections.
The investigation has since led to the arrest of suspected former BTC-e operator Alexander Vinnik in July 2017 over fraud and money laundering charges. Following health complications resulting from his month-long hunger strike, Russian human rights officials have assisted in the extradition of the alleged Bitcoin launderer back to his country.