Mohammad Mehdi Shah Mansouri and Faramarz Shahi Savandi are wanted for orchestrating the SamSam ransomware attacks that encrypted hundreds of computer networks across the United States and internationally since December 2015, generating over $6 million in ransom payments from critical infrastructure, healthcare, transportation, and government sectors. Both Iranian nationals were indicted on November 26, 2018, by a federal grand jury in New Jersey on charges including conspiracy to commit fraud, wire fraud, intentional computer damage, and extortion related to computer attacks. Despite the indictment and FBI wanted notice, both men remain at large and are believed to be residing in Tehran, Iran, making their apprehension dependent on international cooperation and law enforcement coordination.
Official wording
Conspiracy to Commit Fraud and Related Activity in Connection with Computers; Conspiracy to Commit Wire Fraud; Intentional Damage to a Protected Computer; Transmitting a Demand in Relation to Damaging a Protected Computer

Mohammad Mehdi Shah Mansouri and Faramarz Shahi Savandi are wanted for allegedly launching SamSam ransomware, aka MSIL/Samas.A attacks, which encrypted hundreds of computer networks in the United States and other countries. Since December of 2015, Shah Mansouri and Shahi Savandi have received over $6 million in ransom payments from victims across several sectors, including critical infrastructure, healthcare, transportation, and state/local governments.
On November 26, 2018, a federal grand jury sitting in the United States District Court for the District of New Jersey, Newark, New Jersey, indicted Shah Mansouri and Shahi Savandi on charges of conspiracy to commit fraud and related activity in connection with computers, conspiracy to commit wire fraud, intentional damage to a protected computer, and transmitting a demand in relation to damaging a protected computer. The District of New Jersey issued a federal arrest warrant for both men.
Remarks: Mohammad Mehdi Shah Mansouri is an Iranian male with a date of birth of September 24, 1991. He has brown hair and brown eyes and was born in Qom, Iran.
Faramarz Shahi Savandi is an Iranian male who was born in Shiraz, Iran, on September 16, 1984. Both men are known to speak Farsi and reside in Tehran, Iran.
Mohammad Mehdi Shah Mansouri and Faramarz Shahi Savandi allegedly begin launching SamSam ransomware attacks against computer networks
A federal grand jury in the United States District Court for the District of New Jersey indicts both subjects on charges of conspiracy to commit fraud, wire fraud, intentional computer damage, and extortion