An Iranian national pleaded guilty today to participating in an international ransomware and extortion scheme involving the Robbinhood ransomware.
According to court documents and statements made in court, Sina Gholinejad, 37, and his co-conspirators compromised the computer networks of cities, corporations, health care organizations, and other entities around the United States, and encrypted files on these victim networks with the Robbinhood ransomware variant to extort ransom payments. These cyber-attacks caused significant disruptions and tens of millions in losses, including to the City of Greenville, North Carolina, and the City of Baltimore, Maryland. Baltimore lost more than $19 million from the damage caused to their computer networks and the resulting disruption to several essential city services, including online services for processing property taxes, water bills, parking citations, and other revenue-generating functions, which lasted many months. The conspirators used the damage they caused these cities to threaten subsequent victims.
“Gholinejad and his co-conspirators — all of whom were overseas — caused tens of millions of dollars in losses and disrupted essential public services by deploying the Robbinhood ransomware against U.S. cities, health care organizations, and businesses,” said Matthew R. Galeotti, Head of the Justice Department’s Criminal Division. “The ransomware attack against the City of Baltimore forced the city to take hundreds of computers offline and prevented the city from performing basic functions for months. Gholinejad’s conviction reflects the Criminal Division’s commitment to bringing cybercriminals who target our cities, healthcare system, and businesses to justice no matter where they are located. There will be no impunity for these destructive attacks.”
“Cybercrime is not a victimless offense—it is a direct attack on our communities, as seen in this case. Gholinejad and his co-conspirators orchestrated a ransomware scheme that disrupted lives, businesses, and local governments, and resulted in losses of tens of millions of dollars from unsuspecting victims and institutions,” said acting U.S. Attorney Daniel P. Bubar. “The announcement today marks a significant step towards justice for the countless victims impacted by the defendant’s malicious scheme. Cases like these act as a reminder that cybercriminals who seek to exploit our digital infrastructure for personal gain will be identified, prosecuted, and held accountable.”
“These ransomware actors leveraged sophisticated tools and tradecraft to harm innocent victims in the United States, all while believing they could conduct their illegal activities safely from overseas,” said Acting Special Agent in Charge James C. Barnacle Jr. of the FBI. “This case demonstrates the capability and resolve of the FBI and our partners to find and impose consequences on cybercriminals no matter where they attempt to hide.”
Beginning in January 2019, Gholinejad and others gained and maintained unauthorized access to victim computer networks and then copied information from the infected victim networks to virtual private servers controlled by the conspirators. The conspirators also deployed Robbinhood ransomware to encrypt the victims’ files and extort Bitcoin from victims in exchange for the private key required to decrypt the victims’ computer files.
Gholinejad and his co-conspirators attempted to launder the ransom payments through cryptocurrency mixing services and by moving assets between different types of cryptocurrencies, a practice known as chain-hopping. They also hid their identities and activities through a number of technical methods, including the use of virtual private networks and servers that they operated. The indictment identifies multiple additional victims of Robbinhood ransomware, including, but not limited to, the City of Gresham, Oregon and the City of Yonkers, New York.
Gholinejad pleaded guilty to one count of computer fraud and abuse and one count of conspiracy to commit wire fraud. He faces a maximum penalty of 30 years in prison when sentenced later this year.
Daniel P. Bubar, Acting U.S. Attorney for the Eastern District of North Carolina, made the announcement after Chief U.S. District Judge Richard E. Myers II accepted the plea. The Federal Bureau of Investigation is investigating the case, and Assistant U.S. Attorney Brad DeVoe and Senior Counsels Aarash Haghighat and Ryan R.J. Dickey of the Criminal Division’s Computer Crime and Intellectual Property Section are prosecuting the case with valuable assistance from Trial Attorney Alexandra Cooper-Ponte of the Computer Crime and Intellectual Property Section and Deputy Chief Matthew Anzaldi of the National Security Division’s National Security Cyber Section.