In brief

  • The U.S. Treasury today announced sanctions against 10 individuals and two entities for alleged ransomware attacks.
  • The suspects, who are allegedly connected to Iran’s Islamic Revolutionary Guard Corps, had their Bitcoin addresses blacklisted as well.

The United States Treasury’s Office of Foreign Assets Control (OFAC) today issued sanctions against 10 people and two companies associated with a ransomware group tied to Iran’s Islamic Revolutionary Guard Corps (IRGC)—and blocked their Bitcoin wallet addresses as well.

According to the department, the individuals and entities added to the government’s sanctions list participated in coordinated ransomware attacks that have targeted an array of United States-based companies and organizations since at least 2020.

Ransomware is a type of attack in which hackers remotely lock a computer or network by exploiting software flaws, and then demand payment to unlock access. Typically, these payments are made in cryptocurrency, which can be more difficult to track than other digital payment methods, despite the transparency of blockchainnetworks like Bitcoin.


Treasury officials allege that the Iranian group’s American targets included a children’s hospital, a city in New Jersey, a rural electric utility company, and an array of other businesses. The individuals have been identified as employees or associates of Najee Technology Hooshmand Fater LLC and Afkar System Yazd Company.

By placing the alleged attackers and their business entities on the OFAC sanctions list, American citizens and companies are now prohibited from interacting with them. That includes the Bitcoin wallet addresses that are listed alongside their alleged owners’ names.

Beyond the OFAC sanctions, the Treasury also said that three of the individuals—Mansour Ahmadi, Ahmad Khatibi Aghda, and Amir Hossein Nikaeen Ravari—have been charged by the U.S. Attorney’s Office for the District of New Jersey in connection to the ransomeware attack. New Jersey state is offering rewards up to $10 million for information tied to those individuals.

Today’s moves follow the Treasury’s recent decision to add Tornado Cash—an Ethereum coin mixing tool designed to obscure the movement of crypto funds—to the sanctions list in August.

The Treasury alleges that Tornado Cash has been primarily used to launder money, including stolen crypto funds. However, like other decentralized apps, Tornado Cash runs autonomously via a programmed smart contract, and isn’t operated by people or a company.


The decision has been especially divisive, as a result, drawing criticism not only from across the crypto world, but also questions from U.S. Representative Tom Emmer. Amid the pushback, the Treasury this week clarified its position on using Tornado Cash, and noted that people who were sent funds via Tornado Cash without their consent (or “dusted”) will not be punished.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.