An Iranian nationwide has pleaded responsible to taking part within the Robbinhood ransomware operation, which was used to breach the networks, steal knowledge, and encrypt units of U.S. cities and organizations in an try and extort thousands and thousands of {dollars} over a five-year span.
In accordance with a U.S. Division of Justice and an unsealed indictment, 39-year-old man named Sina Gholinejad, also referred to as “Sina Ghaaf,” and his conspirators deployed the Robbinhood ransomware on breached networks from at the very least January 2019 via March 2024.
The assaults focused native governments, healthcare suppliers, and nonprofit organizations, encrypting information and demanding Bitcoin ransoms in return for a decryptor and to forestall knowledge leaks.
Victims included the cities of Baltimore, Greenville (North Carolina), Gresham (Oregon), and Yonkers (New York), in addition to organizations resembling Meridian Medical Group and Berkshire Farm Heart.
Gholinejad and his co-conspirators typically accessed sufferer networks utilizing administrator accounts or vulnerabilities, deployed the ransomware manually, and demanded fee via Tor darkish web pages.
Nevertheless, it wasn’t till Might 2019 that the Robbinhood gang gained notoriety after disrupting Baltimore’s IT techniques for weeks.
The ransomware gang additionally performed knowledge theft in later campaigns, utilizing the stolen knowledge and the specter of leaks as further leverage towards victims.
Robbinhood stood out on the time for utilizing a professional however weak Gigabyte driver (gdrv.sys) in Deliver Your Personal Weak Driver assaults to show off antivirus software program. This allowed the menace actors to launch their ransomware encryptor with out interference from safety software program.
Supply: BleepingComputer
Ransom notes left on units directed victims to contact them on Tor websites to barter ransoms.
The indictment describes how the attackers used digital personal servers in Europe, VPNs, and cryptocurrency mixers to evade regulation enforcement.
Gholinejad pleaded responsible in a North Carolina federal court docket and now faces a most penalty of 30 years in jail for conspiracy to commit fraud, laptop intrusion, extortion, and cash laundering.
Primarily based on an evaluation of 14M malicious actions, uncover the highest 10 MITRE ATT&CK strategies behind 93% of assaults and methods to defend towards them.
