Why have Shah Mansouri and Shahi Savandi remained at large in Iran despite international indictment and FBI wanted status?
How did the perpetrators launder and access over $6 million in ransom payments across multiple victims and jurisdictions?
What specific critical infrastructure, healthcare, and government systems were targeted, and what was the operational impact on each sector?
Mohammad Mehdi Shah Mansouri and Faramarz Shahi Savandi are wanted for orchestrating the SamSam ransomware attacks that encrypted hundreds of computer networks across the United States and internationally since December 2015, generating over $6 million in ransom payments. The attacks targeted critical infrastructure, healthcare, transportation, and government systems, causing significant disruption to essential services. Both Iranian nationals remain at large, and their capture would disrupt one of the most prolific ransomware operations in history.
Are there identifiable patterns in victim selection, attack timing, or ransom negotiation tactics that could aid in attribution or prevention?
Official wording
Conspiracy to Commit Fraud and Related Activity in Connection with Computers; Conspiracy to Commit Wire Fraud; Intentional Damage to a Protected Computer; Transmitting a Demand in Relation to Damaging a Protected Computer
Mohammad Mehdi Shah Mansouri and Faramarz Shahi Savandi are wanted for allegedly launching SamSam ransomware, aka MSIL/Samas.A attacks, which encrypted hundreds of computer networks in the United States and other countries. Since December of 2015, Shah Mansouri and Shahi Savandi have received over $6 million in ransom payments from victims across several sectors, including critical infrastructure, healthcare, transportation, and state/local governments.
On November 26, 2018, a federal grand jury sitting in the United States District Court for the District of New Jersey, Newark, New Jersey, indicted Shah Mansouri and Shahi Savandi on charges of conspiracy to commit fraud and related activity in connection with computers, conspiracy to commit wire fraud, intentional damage to a protected computer, and transmitting a demand in relation to damaging a protected computer. The District of New Jersey issued a federal arrest warrant for both men.
Remarks: Mohammad Mehdi Shah Mansouri is an Iranian male with a date of birth of September 24, 1991. He has brown hair and brown eyes and was born in Qom, Iran.
Faramarz Shahi Savandi is an Iranian male who was born in Shiraz, Iran, on September 16, 1984. Both men are known to speak Farsi and reside in Tehran, Iran.
Mohammad Mehdi Shah Mansouri and Faramarz Shahi Savandi begin launching SamSam ransomware attacks against computer networks
A federal grand jury in the United States District Court for the District of New Jersey indicts both subjects on charges of conspiracy to commit fraud, wire fraud, intentional damage to protected computers, and transmitting ransom demands