The two face charges of fraud, wire fraud, intentional damage to a protected computer and transmitting a demand in relation to damaging a protected computer.

Mansouri and Savandi reportedly finished the first version of SamSam in December 2015, updating it twice in 2017. They took care when launching their attacks, according to officials -- they apparently researched targets, masked their activity as legitimate network traffic (including the use of Tor) and made sure to compromise victims outside of typical business hours. They would demand bitcoin as payment and used Iranian exchanges to convert it to conventional currency.

The issue: as with earlier indictments of Russian hackers, the charges may be more symbolic than practical. Both Mansouri and Savandi live in Iran, which doesn't have an extradition treaty with the US and isn't likely to provide either suspect voluntarily. This will limit where they can travel and calls them out by name, but it won't stop them from launching further attacks or profiting from their campaign.