US issues sanctions on ten Iranians for roles in 'cyber acts'

The United States is sanctioning people and entities for their alleged roles in malicious cyber acts, including ransomware activity, according to a statement by Secretary of State Antony Blinken.

The statement, released Wednesday, announced the sanctioning of ten individuals and two entities, all allegedly affiliated with Iran's Islamic Revolutionary Guard Corps. This is part of a "joint action" with the Department of Justice, the Department of the Treasury, the Federal Bureau of Investigation

According to the statement, the decision is being taken to combat and deter ransomware threats, which have disrupted global business, and critical infrastructure and threatened the security of the United States and other countries. 

The Department of State’s Rewards for Justice program is offering up to US$10 million "for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against US critical infrastructure in violation of the Computer Fraud and Abuse Act."

On the same day that Blinken announced sanctions on Iranians relating to cyber attacks, the Justice Department said that it had charged three Iranians with trying to extort hundreds of thousands of dollars from organisations in the US, Europe, Iran and Israel, including a domestic violence shelter, by breaching their computer systems. 

The defendants, Mansour Ahmadi, Ahmad Khatibi and Amir Hossein Nikaein, live in Iran, and it is unlikely that they will be arrested. It is unclear if they work for the Iranian government, though according to a separate Treasury Department statement, they are affiliated with the Islamic Revolutionary Guard Corps.