March 29, 2019

Iranian Cryptotrader Implicated in Ransomware Scheme Turning to Mysterious Payment System

By Albin Szakola




The day after he was sanctioned in November 2018, cryptocurrency trader Mohammad Ghorbaniyan wrote in a defiant social media post, “Don’t be worried at all, as long as we are on [the U.S.] sanctions list they can only, maybe, cause trouble for us outside of [Iran].”

“According to my communications with Iranian intelligence, there will not be any problems inside Iran,” Ghorbaniyan added on his social media account in which he advertises digital currency trades.

Ghorbaniyan and fellow Iranian cryptocurrency trader Ali Khorashadizadeh were designated Nov. 28, 2018, for helping “exchange digital currency (bitcoin) ransom payments into Iranian rial on behalf of Iranian malicious cyber actors involved with the SamSam ransomware scheme.”

Kharon research

Log in for access to the latest updates and analysis on networks targeted by sanctions and sanctions-related risk. Don’t have an account? Click REQUEST AN ACCOUNT to receive information on how to get signed up.

Request an account or Log in