An Iranian nationwide has pleaded responsible to taking part within the Robbinhood ransomware operation, which was used to breach the networks, steal information, and encrypt units of U.S. cities and organizations in an try and extort tens of millions of {dollars} over a five-year span.
In line with a U.S. Division of Justice and an unsealed indictment, 39-year-old man named Sina Gholinejad, often known as “Sina Ghaaf,” and his conspirators deployed the Robbinhood ransomware on breached networks from at the least January 2019 by means of March 2024.
The assaults focused native governments, healthcare suppliers, and nonprofit organizations, encrypting information and demanding Bitcoin ransoms in return for a decryptor and to stop information leaks.
Victims included the cities of Baltimore, Greenville (North Carolina), Gresham (Oregon), and Yonkers (New York), in addition to organizations equivalent to Meridian Medical Group and Berkshire Farm Middle.
Gholinejad and his co-conspirators typically accessed sufferer networks utilizing administrator accounts or vulnerabilities, deployed the ransomware manually, and demanded fee by means of Tor darkish internet sites.
Nonetheless, it wasn’t till Might 2019 that the Robbinhood gang gained notoriety after disrupting Baltimore’s IT programs for weeks.
The ransomware gang additionally carried out information theft in later campaigns, utilizing the stolen information and the specter of leaks as further leverage in opposition to victims.
Robbinhood stood out on the time for utilizing a official however susceptible Gigabyte driver (gdrv.sys) in Deliver Your Personal Susceptible Driver assaults to show off antivirus software program. This allowed the risk actors to launch their ransomware encryptor with out interference from safety software program.
Supply: BleepingComputer
Ransom notes left on units directed victims to contact them on Tor websites to barter ransoms.
The indictment describes how the attackers used digital non-public servers in Europe, VPNs, and cryptocurrency mixers to evade regulation enforcement.
Gholinejad pleaded responsible in a North Carolina federal court docket and now faces a most penalty of 30 years in jail for conspiracy to commit fraud, laptop intrusion, extortion, and cash laundering.
Primarily based on an evaluation of 14M malicious actions, uncover the highest 10 MITRE ATT&CK strategies behind 93% of assaults and the right way to defend in opposition to them.
