An Iranian national has pleaded guilty to participating in the Robbinhood ransomware operation, which was used to breach the networks, steal data, and encrypt devices of U.S. cities and organizations in an attempt to extort millions of dollars over a five-year span.
According to the U.S. Department of Justice and an unsealed indictment, a 39-year-old man named Sina Gholinejad, also known as "Sina Ghaaf," and his conspirators deployed the Robbinhood ransomware on breached networks from at least January 2019 through March 2024.
The attacks targeted local governments, healthcare providers, and nonprofit organizations, encrypting files and demanding Bitcoin ransoms in return for a decryptor and a promise not to leak the stolen data.
Victims included the cities of Baltimore, Greenville (North Carolina), Gresham (Oregon), and Yonkers (New York), as well as organizations such as Meridian Medical Group and Berkshire Farm Center.
Gholinejad and his co-conspirators typically gained access to victim networks using administrator accounts or by exploiting vulnerabilities, deployed the ransomware manually, and demanded payment through Tor dark web sites.
However, it wasn't until May 2019 that the Robbinhood gang gained notoriety, after disrupting Baltimore's IT systems for weeks.
The ransomware gang also carried out data theft in later campaigns, using the stolen data and the threat of leaking it as additional leverage against victims.
Robbinhood stood out at the time for using a legitimate but vulnerable Gigabyte driver (gdrv.sys) in Bring Your Own Vulnerable Driver (BYOVD) attacks to turn off antivirus software. Because the driver carries a valid vendor signature, Windows loads it without complaint, and the kernel access it exposes let the threat actors disable security software and launch their ransomware encryptor without interference.
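The detection angle on the BYOVD technique described above: the vulnerable driver is properly signed, so signature checks alone will not catch it; what stands out is a known-vulnerable driver name (or hash) being loaded, often from a directory where drivers are not normally installed. The script below, an added example and not code from the article or from the Robbinhood operators, runs that logic over Sysmon "Driver loaded" (Event ID 6) records exported as JSON lines. The log records, the signer string, the placeholder hashes and the one-entry watchlist are all constructed for illustration; a real deployment would match on hashes from a maintained vulnerable-driver list rather than on file names, since attackers can rename the file.

```python
"""Flag Bring-Your-Own-Vulnerable-Driver (BYOVD) loads, such as the Gigabyte
gdrv.sys abused by Robbinhood, in Sysmon "Driver loaded" (Event ID 6) records.

Added example, not code from the article. Sample events are constructed."""

import json
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumption: a minimal watchlist keyed on driver file name. Production
# detection should key on file hashes from a maintained vulnerable-driver list,
# because the attacker controls the file name.
VULNERABLE_DRIVERS = {
    "gdrv.sys": "Gigabyte GDRV (abused by Robbinhood to disable AV)",
}

# Where legitimately installed drivers normally live. A known-bad driver loaded
# from elsewhere (a temp or public folder) is the classic BYOVD pattern: the
# attacker brought the driver; it was not already installed on the host.
TRUSTED_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\",)


@dataclass
class Finding:
    utc_time: str
    image: str
    sha256: str
    reason: str
    severity: str


def parse_hashes(hashes_field: str) -> Dict[str, str]:
    """Turn Sysmon's 'SHA256=...,MD5=...' field into {algorithm: hex}."""
    out = {}
    for part in hashes_field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def analyze_driver_load(event: dict) -> Optional[Finding]:
    """Return a Finding for one Sysmon Event ID 6 record, or None if benign."""
    if event.get("EventID") != 6:
        return None
    image = event.get("ImageLoaded", "")
    name = image.rsplit("\\", 1)[-1].lower()
    sha256 = parse_hashes(event.get("Hashes", "")).get("SHA256", "")
    in_trusted_dir = image.lower().startswith(TRUSTED_DRIVER_DIRS)
    when = event.get("UtcTime", "")

    if name in VULNERABLE_DRIVERS:
        # Signed=true and SignatureStatus=Valid are expected here: BYOVD works
        # precisely because the driver is genuinely signed by its vendor.
        severity = "high" if not in_trusted_dir else "medium"
        return Finding(when, image, sha256,
                       "known vulnerable driver: " + VULNERABLE_DRIVERS[name], severity)

    signed = event.get("Signed", "").lower() == "true"
    valid = event.get("SignatureStatus", "").lower() == "valid"
    if not (signed and valid):
        return Finding(when, image, sha256, "driver with invalid or missing signature", "medium")

    if not in_trusted_dir:
        return Finding(when, image, sha256, "driver loaded from outside the drivers directory", "low")
    return None


def scan(jsonl: str) -> List[Finding]:
    """Run analyze_driver_load over newline-delimited JSON Sysmon events."""
    findings = []
    for line in jsonl.splitlines():
        if line.strip():
            finding = analyze_driver_load(json.loads(line))
            if finding:
                findings.append(finding)
    return findings


# Constructed sample: a benign Microsoft driver, a BYOVD gdrv.sys load from a
# temp folder, and an unsigned driver. Hashes are placeholders, not real values.
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"EventID": 6, "UtcTime": "2019-05-07 03:12:44.101",
     "ImageLoaded": "C:\\Windows\\System32\\drivers\\tcpip.sys",
     "Hashes": "SHA256=" + "0" * 64, "Signed": "true",
     "Signature": "Microsoft Windows", "SignatureStatus": "Valid"},
    {"EventID": 6, "UtcTime": "2019-05-07 03:15:02.555",
     "ImageLoaded": "C:\\Windows\\Temp\\gdrv.sys",
     "Hashes": "SHA256=" + "1" * 64, "Signed": "true",
     "Signature": "Giga-Byte Technology Co., Ltd.", "SignatureStatus": "Valid"},
    {"EventID": 6, "UtcTime": "2019-05-07 03:16:10.009",
     "ImageLoaded": "C:\\Users\\Public\\helper.sys",
     "Hashes": "SHA256=" + "2" * 64, "Signed": "false",
     "Signature": "", "SignatureStatus": "Unavailable"},
])

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.utc_time} {f.image}: {f.reason}")
```

Note that the gdrv.sys record is flagged even though its signature is valid; that is the point of the check. Feeding it a real export means pulling the Sysmon operational log as JSON (for example with `Get-WinEvent` and `ConvertTo-Json`, with the EventData fields flattened to top-level keys as in the constructed sample).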
Files encrypted by the RobbinHood ransomware
Source: BleepingComputer
Ransom notes left on the encrypted devices directed victims to contact the attackers on Tor sites to negotiate a ransom.
The indictment describes how the attackers used virtual private servers in Europe, VPNs, and cryptocurrency mixers to evade law enforcement.
Gholinejad pleaded guilty in a North Carolina federal court and now faces a maximum penalty of 30 years in prison for conspiracy to commit fraud, computer intrusion, extortion, and money laundering.