An Iranian national has pleaded guilty to participating in the Robbinhood ransomware operation, which was used to breach the networks, steal data, and encrypt devices of U.S. cities and organizations in an attempt to extort millions of dollars over a five-year span.
According to the U.S. Department of Justice and an unsealed indictment, a 39-year-old man named Sina Gholinejad, also known as “Sina Ghaaf,” and his conspirators deployed the Robbinhood ransomware on breached networks from at least January 2019 through March 2024.
The attacks targeted local governments, healthcare providers, and nonprofit organizations, encrypting files and demanding Bitcoin ransoms in return for a decryptor and to prevent data leaks.
Victims included the cities of Baltimore, Greenville (North Carolina), Gresham (Oregon), and Yonkers (New York), as well as organizations such as Meridian Medical Group and Berkshire Farm Center.
Gholinejad and his co-conspirators often accessed victim networks using administrator accounts or vulnerabilities, deployed the ransomware manually, and demanded payment through Tor dark web sites.
The Robbinhood gang did not gain notoriety until May 2019, when it disrupted Baltimore’s IT systems for weeks.
The ransomware gang also conducted data theft in later campaigns, using the stolen data and the threat of leaks as additional leverage against victims.
Robbinhood stood out at the time for using a legitimate but vulnerable Gigabyte driver (gdrv.sys) in Bring Your Own Vulnerable Driver attacks to turn off antivirus software. This allowed the threat actors to launch their ransomware encryptor without interference from security software.
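As an added illustration (not code from the article or the DOJ filing), the following Python routine triages driver-load records modelled on Sysmon Event ID 6. Because a BYOVD driver such as gdrv.sys carries a valid vendor signature, the check keys on the driver's identity and its load path rather than on signature validity alone; the flattened record format and the sample events are constructed for this example.

```python
from typing import Dict, List

# Driver file names associated with BYOVD abuse. gdrv.sys comes from the
# article; in practice this set is fed from a maintained vulnerable-driver
# blocklist rather than curated by hand.
KNOWN_VULNERABLE_DRIVERS = {"gdrv.sys"}

# Directories a legitimately installed kernel driver should never be loaded from.
SUSPICIOUS_PATH_MARKERS = ("\\users\\", "\\temp\\", "\\programdata\\", "\\downloads\\")


def parse_driver_load(line: str) -> Dict[str, str]:
    """Parse one flattened DriverLoad record: 'Key=Value' pairs separated by '|'
    (a constructed format standing in for a Sysmon Event ID 6 export)."""
    fields: Dict[str, str] = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def assess_driver_load(line: str) -> List[str]:
    """Return the reasons a driver-load event deserves attention (empty = benign)."""
    ev = parse_driver_load(line)
    image = ev.get("ImageLoaded", "")
    name = image.rsplit("\\", 1)[-1].lower()
    reasons: List[str] = []
    if name in KNOWN_VULNERABLE_DRIVERS:
        reasons.append(f"known vulnerable driver loaded: {name}")
    if any(marker in image.lower() for marker in SUSPICIOUS_PATH_MARKERS):
        reasons.append(f"driver loaded from user-writable path: {image}")
    # A signature check alone would not catch BYOVD: the abused driver is validly signed.
    if ev.get("SignatureStatus", "").lower() != "valid":
        reasons.append("driver signature not valid")
    return reasons


def triage(events: List[str]) -> Dict[str, List[str]]:
    """Map each suspicious driver path to its findings; benign loads are dropped."""
    findings = {}
    for event in events:
        reasons = assess_driver_load(event)
        if reasons:
            findings[parse_driver_load(event)["ImageLoaded"]] = reasons
    return findings


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    "EventID=6|ImageLoaded=C:\\Windows\\System32\\drivers\\tcpip.sys|SignatureStatus=Valid",
    "EventID=6|ImageLoaded=C:\\Users\\Public\\gdrv.sys|SignatureStatus=Valid",
]
```

Running `triage(SAMPLE_EVENTS)` flags only the gdrv.sys load, on two grounds (known vulnerable driver, user-writable path), while its valid signature alone would have let it through.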
Ransom notes left on devices directed victims to contact them on Tor sites to negotiate ransoms.
The indictment describes how the attackers used virtual private servers in Europe, VPNs, and cryptocurrency mixers to evade law enforcement.
Gholinejad pleaded guilty in a North Carolina federal court and now faces a maximum penalty of 30 years in prison for conspiracy to commit fraud, computer intrusion, extortion, and money laundering.