Iranian Hacker Pleads Guilty to RobbinHood Ransomware Attacks Affecting Gresham, Oregon

A 37-year-old Iranian man, Sina Gholinejad, pleaded guilty yesterday to participating in an international scheme involving the Robbinhood ransomware. The cyber-attacks were conducted across the US as Gholinejad and his associates compromised computer networks to extort ransom payments.

 

Robbinhood Ransomware Kingpin Pleads Guilty

The operators of the Robbinhood ransomware and extortion scheme, Gholinejad and his co-conspirators (all of whom were overseas), compromised the computer networks of cities, corporations, healthcare organizations, and other entities around the US.

They encrypted files on their victims’ networks with the Robbinhood ransomware to extort ransom payments.

Significant disruptions and tens of millions of dollars in losses resulted across the US, including in the Cities of Greenville, North Carolina, and Baltimore, Maryland.

The indictment also identified multiple additional victims of Robbinhood ransomware, including the City of Gresham, Oregon and the City of Yonkers, New York. The conspirators leveraged the damage they caused these cities to threaten subsequent victims.

Starting in January 2019, Gholinejad and his associates gained and maintained unauthorized access to victim computer networks, copying information from the infected victim networks to virtual private servers under their control.

They then deployed Robbinhood ransomware to encrypt the victims’ files before extorting Bitcoin from victims in exchange for the private key required to decrypt the victims’ computer files.

The Robbinhood conspirators attempted to launder the ransom payments through cryptocurrency mixing services and chain-hopping, transferring assets between different types of cryptocurrencies.

They also concealed their identities and activities through a number of technical methods, including virtual private networks (VPNs) and servers they operated.

Baltimore lost over $19 million due to damage to its computer networks and the resulting disruption to several essential city services. Online services for processing property taxes, water bills, parking citations, and other revenue-generating functions were disrupted for several months.

The FBI led the investigation. Assistant US Attorney Brad DeVoe, along with Senior Counsels Aarash Haghighat and Ryan R.J. Dickey of the Criminal Division’s Computer Crime and Intellectual Property Section, prosecuted the case, assisted by Trial Attorney Alexandra Cooper-Ponte of the Computer Crime and Intellectual Property Section and Deputy Chief Matthew Anzaldi of the National Security Division’s National Security Cyber Section.

The Justice Department’s Office of International Affairs also provided substantial assistance in the collection of evidence.

Acting Special Agent in Charge James C. Barnacle Jr. of the FBI said, “This case demonstrates the capability and resolve of the FBI and our partners to find and impose consequences on cybercriminals no matter where they attempt to hide.”

Gholinejad pleaded guilty to one count of computer fraud and abuse and one count of conspiracy to commit wire fraud. He faces a maximum penalty of 30 years in prison when sentenced later this year.

For information on protecting networks against ransomware, visit StopRansomware.gov.
