The person at the center of this case
Hundreds of organizations across critical infrastructure, healthcare, transportation, and government sectors
Cold Case · Open
7 years waiting · since 2018
SAMSAM SUBJECTS
Justice for Hundreds of organizations across critical infrastructure, healthcare, transportation, and government sectors — the trail went cold in 2018, but the truth hasn't.
Start here
Key leads to think about
🎯
suspect
Lead #1Both suspects are Iranian nationals believed to be in Tehran—what is their current location and will Iran extradite them?
🔍
evidence
Lead #2Over $6 million in ransom payments received since 2015—how were these funds traced and where are they now?
💡
clue
Lead #3SamSam targeted critical infrastructure and healthcare—were there coordinated attacks or separate campaigns?
Mohammad Mehdi Shah Mansouri and Faramarz Shahi Savandi are wanted for orchestrating the SamSam ransomware attacks that infected hundreds of computer networks across the United States and internationally since December 2015, extorting over $6 million from victims in critical infrastructure, healthcare, transportation, and government sectors. Both Iranian nationals were indicted in November 2018 by a federal grand jury in New Jersey on charges including conspiracy to commit fraud, wire fraud, intentional computer damage, and extortion. The case remains active as both suspects are believed to be residing in Tehran, Iran, and their extradition status remains unresolved.
Case
#901
United States District Court for the District of New Jersey; FBI
Try asking
Claim this imported case
A one-time $10 claim transfers this imported case workspace to your account. You get 10 uploads for this case, 25 daily AI questions for this case, and public tips with files route to you.
10 uploads25 AI questions/day
This does not start a subscription. When the included limits are reached, the Personal plan unlocks more workspace capacity.
More leads to consider
Beyond the top three above — each detail below could be the thread that pulls this case open.
👤
person
Lead #4What is the relationship between Shah Mansouri (born 1991) and Shahi Savandi (born 1984) and how did they coordinate the attacks?
Have information about any of these leads?
Even the smallest detail could be the key to solving this case.
Official wording
Source Narrative
Conspiracy to Commit Fraud and Related Activity in Connection with Computers; Conspiracy to Commit Wire Fraud; Intentional Damage to a Protected Computer; Transmitting a Demand in Relation to Damaging a Protected Computer Mohammad Mehdi Shah Mansouri and Faramarz Shahi Savandi are wanted for allegedly launching SamSam ransom ware, aka MSIL/Samas.A attacks, which encrypted hundreds of computer networks in the United States and other countries. Since December of 2015, Shah Mansouri and Shahi Savandi have received over $6 million in ransom payments from victims across several sectors, including critical infrastructure, healthcare, transportation, and state/local governments.
On November 26, 2018, a federal grand jury sitting in the United States District Court for the District of New Jersey, Newark, New Jersey, indicted Shah Mansouri and Shahi Savandi on charges of conspiracy to commit fraud and related activity in connection with computers, conspiracy to commit wire fraud, intentional damage to a protected computer, and transmitting a demand in relation to damaging a protected computer. The District of New Jersey issued a federal arrest warrant for both men.
Remarks: Mohammad Mehdi Shah Mansouri is an Iranian male with a date of birth of September 24, 1991. He has brown hair and brown eyes and was born in Qom, Iran.
Faramarz Shahi Savandi is an Iranian male who was born in Shiraz, Iran, on September 16, 1984. Both men are known to speak Farsi and reside in Tehran, Iran.
Timeline of Events
📋
2015-12-01
SamSam ransomware campaign begins
Ransomware attacks commence targeting computer networks
🕵️
2018-11-26
Federal indictment issued
Grand jury in District of New Jersey indicts Shah Mansouri and Shahi Savandi on multiple charges
Key Locations
Interactive map showing important locations related to this case
Case Information
Incident:December 1, 2015
Last Updated:June 15, 2026
Leave a comment
Comments
Case Information
Incident:December 1, 2015
Last Updated:June 15, 2026