
Latest news with #Gholinejad

Iranian man pleads guilty to 2019 Baltimore ransomware attack

The Herald Scotland

6 days ago


He faces a maximum penalty of 30 years in prison and is scheduled to be sentenced in August, the Justice Department announced.

Gholinejad and unidentified co-conspirators were behind a string of ransomware attacks between January 2019 and March 2024, according to an April 2024 indictment unsealed on May 27. The Justice Department said Gholinejad and his co-conspirators encrypted files on the targeted networks with the Robbinhood ransomware variant to extort ransom payments.

The conspirators compromised the computer networks of health care organizations, corporations, and other entities across the United States, according to the Justice Department. The cyberattacks also targeted several U.S. cities, including Baltimore in the high-profile 2019 ransomware attack, and caused "significant disruptions" to essential city services, federal authorities said. The Justice Department added that the conspirators "used the damage they caused these cities to threaten subsequent victims."

Though court documents did not allege a state-backed connection in this case, federal authorities have warned in recent years of Iranian government hacking groups targeting U.S. critical infrastructure and private-sector entities. Federal agencies have also issued numerous advisories for cyberattacks by foreign groups, including the Islamic Revolutionary Guard Corps.

In November 2023, an Iranian-linked cyber group, Cyber Av3ngers, hacked into the water authority infrastructure in Aliquippa, Pennsylvania. The group took partial control of a system that regulates water pressure, and one that includes technology manufactured in Israel. At the time, federal authorities said the group was looking to disrupt Israeli-made technology in the United States.

Conspirators used hacking tools to gain access to computer networks

Federal authorities said Gholinejad and his co-conspirators gained unauthorized access to computer networks with hacking tools. They copied, transmitted, and stored information and files from the infected victim networks to virtual private servers controlled by the conspirators, according to the indictment.

The conspirators also deployed Robbinhood ransomware on targeted computers to encrypt files and make them inaccessible to the victims, the indictment states. They then extorted victims by requiring the payment of Bitcoin in exchange for the private key used to decrypt the victims' computer files.

The Justice Department said the conspirators attempted to launder the ransom payments through cryptocurrency mixing services and by moving assets between different types of cryptocurrencies. According to the indictment, the conspirators concealed their identities and activities through various methods, such as the use of virtual private networks and servers that they controlled.

The attack on Baltimore in 2019 cost the city more than $19 million from damage to computer networks and disruptions to city services that lasted many months, including the processing of property taxes, water bills, parking citations, and other revenue-generating functions, the Justice Department said.

Additional victims include computer networks in the cities of Gresham, Oregon; Yonkers, New York; and Greenville, North Carolina, along with the Glenn-Colusa Irrigation District in California and the nonprofit Berkshire Farm Center and Services for Youth, based in New York, according to the indictment.

"Gholinejad and his co-conspirators -- all of whom were overseas -- caused tens of millions of dollars in losses and disrupted essential public services by deploying the Robbinhood ransomware against U.S. cities, health care organizations, and businesses," Matthew R. Galeotti, head of the Justice Department's Criminal Division, said in a statement.

"The ransomware attack against the City of Baltimore forced the city to take hundreds of computers offline and prevented the city from performing basic functions for months," Galeotti added.

Contributing: Claire Thornton, USA TODAY; Reuters

Iranian man pleads guilty to ransomware attacks that targeted Baltimore, other US cities

USA Today

7 days ago


An Iranian national pleaded guilty for his role in an international ransomware scheme that targeted the computer networks of Baltimore and other U.S. cities, causing tens of millions of dollars in losses and disrupting services, federal authorities said.

Sina Gholinejad, 37, pleaded guilty to one count of computer fraud and abuse and one count of conspiracy to commit wire fraud on May 27, the U.S. Department of Justice said in a news release. Gholinejad was arrested on January 10 at Raleigh-Durham International Airport in North Carolina, federal court records show.

He faces a maximum penalty of 30 years in prison and is scheduled to be sentenced in August, the Justice Department announced.

Gholinejad and unidentified co-conspirators were behind a string of ransomware attacks between January 2019 and March 2024, according to an April 2024 indictment unsealed on May 27. The Justice Department said Gholinejad and his co-conspirators encrypted files on the targeted networks with the Robbinhood ransomware variant to extort ransom payments.

The conspirators compromised the computer networks of health care organizations, corporations, and other entities across the United States, according to the Justice Department. The cyberattacks also targeted several U.S. cities, including Baltimore in the high-profile 2019 ransomware attack, and caused "significant disruptions" to essential city services, federal authorities said. The Justice Department added that the conspirators "used the damage they caused these cities to threaten subsequent victims."

Though court documents did not allege a state-backed connection in this case, federal authorities have warned in recent years of Iranian government hacking groups targeting U.S. critical infrastructure and private-sector entities. Federal agencies have also issued numerous advisories for cyberattacks by foreign groups, including the Islamic Revolutionary Guard Corps.

In November 2023, an Iranian-linked cyber group, Cyber Av3ngers, hacked into the water authority infrastructure in Aliquippa, Pennsylvania. The group took partial control of a system that regulates water pressure, and one that includes technology manufactured in Israel. At the time, federal authorities said the group was looking to disrupt Israeli-made technology in the United States.

Conspirators used hacking tools to gain access to computer networks

Federal authorities said Gholinejad and his co-conspirators gained unauthorized access to computer networks with hacking tools. They copied, transmitted, and stored information and files from the infected victim networks to virtual private servers controlled by the conspirators, according to the indictment.

The conspirators also deployed Robbinhood ransomware on targeted computers to encrypt files and make them inaccessible to the victims, the indictment states. They then extorted victims by requiring the payment of Bitcoin in exchange for the private key used to decrypt the victims' computer files.

The Justice Department said the conspirators attempted to launder the ransom payments through cryptocurrency mixing services and by moving assets between different types of cryptocurrencies. According to the indictment, the conspirators concealed their identities and activities through various methods, such as the use of virtual private networks and servers that they controlled.

The attack on Baltimore in 2019 cost the city more than $19 million from damage to computer networks and disruptions to city services that lasted many months, including the processing of property taxes, water bills, parking citations, and other revenue-generating functions, the Justice Department said.

Additional victims include computer networks in the cities of Gresham, Oregon; Yonkers, New York; and Greenville, North Carolina, along with the Glenn-Colusa Irrigation District in California and the nonprofit Berkshire Farm Center and Services for Youth, based in New York, according to the indictment.

"Gholinejad and his co-conspirators — all of whom were overseas — caused tens of millions of dollars in losses and disrupted essential public services by deploying the Robbinhood ransomware against U.S. cities, health care organizations, and businesses," Matthew R. Galeotti, head of the Justice Department's Criminal Division, said in a statement.

"The ransomware attack against the City of Baltimore forced the city to take hundreds of computers offline and prevented the city from performing basic functions for months," Galeotti added.

Contributing: Claire Thornton, USA TODAY; Reuters

Iranian Hacker Admits Role in Robbinhood Ransomware Attacks

Arabian Post

7 days ago


A 37-year-old Iranian national, Sina Gholinejad, has pleaded guilty in a North Carolina federal court to his involvement in a series of ransomware attacks that targeted U.S. municipalities and organisations, causing extensive financial and operational damage.

Gholinejad admitted to one count of computer fraud and abuse and one count of conspiracy to commit wire fraud. He now faces a maximum sentence of 30 years in prison, with sentencing scheduled for August 2025. The plea was accepted by U.S. District Judge Richard E. Myers II in Wilmington.

Between January 2019 and March 2024, Gholinejad and unnamed co-conspirators deployed the RobbinHood ransomware variant to infiltrate and encrypt data on the networks of various U.S. city governments, healthcare organisations, and private entities. The attackers demanded ransom payments in Bitcoin in exchange for decryption keys.

Among the most severely affected was Baltimore, Maryland, which incurred over $19 million in damages and experienced prolonged disruptions to essential services, including property tax processing and water billing systems.

Other targeted locations included Greenville, North Carolina; Gresham, Oregon; and Yonkers, New York. The conspirators also targeted entities such as the Glenn-Colusa Irrigation District in California and the Berkshire Farm Center in New York. The attackers often used the damage inflicted on earlier victims to coerce subsequent targets into paying ransoms.

Gholinejad and his associates employed various tactics to conceal their identities and activities, including the use of virtual private networks and virtual private servers. They also engaged in 'chain-hopping,' a method of laundering cryptocurrency by moving funds through multiple digital currencies to obscure the origin of the payments.

The investigation was led by the FBI's Charlotte and Baltimore field offices, with assistance from the Department of Justice's Criminal Division and National Security Division. Matthew R. Galeotti, head of the Justice Department's Criminal Division, stated that the attacks caused 'tens of millions of dollars in losses and disrupted essential public services.'

Gholinejad was arrested in January 2025 at Raleigh-Durham International Airport. The indictment, initially sealed, was made public following his guilty plea.

While the Department of Justice has not alleged direct state sponsorship in this case, U.S. officials have previously linked some Iranian cyber groups to government-backed entities. Iran has denied involvement in state-sponsored cyberattacks targeting U.S. infrastructure.

Iranian pleads guilty to ransomware attacks that affected Baltimore, other cities

San Francisco Chronicle

27-05-2025


WILMINGTON, N.C. (AP) — An Iranian national pleaded guilty on Tuesday in North Carolina federal court for his role in a ransomware and extortion operation that prosecutors say targeted computer networks for Baltimore and other U.S. cities, a scheme that led to work disruptions and financial losses.

Sina Gholinejad, 37, pleaded guilty to one count of computer fraud and abuse and one count of conspiracy to commit wire fraud, according to a U.S. Department of Justice news release. A plea hearing for Gholinejad had been scheduled for Tuesday morning before U.S. District Judge Richard Myers in Wilmington. Gholinejad faces a maximum of 30 years in prison, with a sentencing hearing set for August, the release said.

The Justice Department said court documents and statements made in court show Gholinejad and unidentified coconspirators caused cyberattacks in which they encrypted files on the targeted networks with the RobbinHood ransomware variant to extort ransom payments.

Attack recipients included city governments of Greenville, North Carolina in April 2019, and of Baltimore a month later. Corporations and other entities were targeted.

Baltimore officials at the time of the attack said hackers had demanded the city pay the equivalent of $76,000 in bitcoin, which city leaders refused to pay. The city lost more than $19 million from damage to its network and resulting disruption to city services for months, including online processing of property taxes, water bills and parking citations, the news release said.

Conspirators used the damage to threaten subsequent victims, according to prosecutors. Other cities targeted included Gresham, Oregon, and Yonkers, New York.

'These ransomware actors leveraged sophisticated tools and tradecraft to harm innocent victims in the United States, all while believing they could conduct their illegal activities safely from overseas,' said Acting Special Agent in Charge James Barnacle Jr. of the FBI's Charlotte Field Office, which helped investigate the case.

According to the government, Gholinejad and coconspirators began cyberattacks in January 2019 by accessing victim computer networks and copying information from the infected networks to private servers they controlled.

Gholinejad had been accused of seven criminal counts in an April 2024 sealed indictment now made public by the Justice Department. Myers unsealed the case on Tuesday, although the plea agreement documents remained inaccessible, according to the defendant's online case file.

Acting U.S. Attorney Daniel Bubar for the Eastern District of North Carolina, whose office prosecuted the case, said 'cybercrime is not a victimless offense — it is a direct attack on our communities.'

The FBI's Baltimore office and the National Security Cyber Section of the U.S. Justice Department's National Security Division also participated in pursuing the case.

Wilmington man pleads guilty to wire fraud

Yahoo

27-05-2025


WILMINGTON, N.C. (WNCT) — According to the United States Department of Justice, an Iranian man has pleaded guilty to his involvement in an international ransomware and extortion scheme.

Sina Gholinejad, 37, and his associates compromised the computer networks of cities, corporations, health care organizations, and other entities around the United States, and encrypted files on these victim networks with the Robbinhood ransomware variant to accumulate ransom payments that totaled tens of millions of dollars in fraud.

Gholinejad pleaded guilty to one count of computer fraud and abuse and one count of conspiracy to commit wire fraud. He faces a maximum penalty of 30 years in prison when sentenced later this year.
