Ransomware Scheme: Iranian National Pleads Guilty in U.S. Court
An Iranian individual has admitted guilt in a U.S. court, marking a significant development in an international ransomware and extortion operation tied to the Robbinhood ransomware.
Details of the Case Against Sina Gholinejad
Sina Gholinejad, also known as Sina Ghaaf, aged 37, and several accomplices are accused of infiltrating the computer networks of various American organizations. They encrypted digital files using Robbinhood ransomware, subsequently demanding Bitcoin as ransom for their release.
Gholinejad was apprehended in North Carolina earlier this year, and he has pleaded guilty to charges of computer fraud and abuse, in addition to conspiracy to commit wire fraud. He now faces a possible sentence of up to 30 years in prison, with a sentencing date set for August 2025.
The Extent of the Damage
The U.S. Department of Justice (DoJ) reported that these cyber attacks resulted in major disruptions and incurred losses amounting to tens of millions of dollars. Specific cases include significant financial damage to the City of Greenville, North Carolina, and the City of Baltimore, Maryland. Notably, Baltimore reported losses exceeding $19 million due to the fallout from the cyber incidents, which severely impacted their essential city services. The disruptions affected online systems crucial for processing property taxes, water bills, parking citations, and other revenue-generating functions, impacts that lasted for months.
How the Attacks Were Executed
Court documents revealed that Gholinejad and his collaborators gained and maintained unauthorized access to victim computer networks from January 2019 through March 2024. They copied sensitive data onto virtual private servers they controlled before deploying the ransomware.
The cybercriminals engaged in laundering their illicit gains through cryptocurrency mixing services, often switching assets among various types of cryptocurrencies—a practice known as chain-hopping. They also obscured their identities and operations by utilizing virtual private networks and servers.
The Technical Aspects of Robbinhood Ransomware
Robbinhood ransomware is infamous for employing sophisticated techniques, notably Bring Your Own Vulnerable Driver (BYOVD) attacks. In this method the attackers loaded a legitimate but vulnerable, signed Gigabyte driver (gdrv.sys) and exploited it to gain kernel-level privileges and disable the security software running on the victim's machines before encryption began.
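As an added, constructed example (not from the court filings or the article), the following Python triages driver-load telemetry for the BYOVD pattern described above; the field names loosely follow Sysmon's DriverLoad event and the sample records are made up.

```python
"""Triage Windows driver-load telemetry for BYOVD indicators.

Constructed example: flags loads of known-abused drivers (only gdrv.sys
comes from the Robbinhood reporting) and drivers loaded from unusual paths.
"""
from pathlib import PureWindowsPath

# Known vulnerable/abused driver file names. Only gdrv.sys is taken from the
# article; extend this from Microsoft's vulnerable driver blocklist.
KNOWN_ABUSED_DRIVERS = {"gdrv.sys"}

# Directories from which benign drivers are normally loaded (assumption).
TRUSTED_DRIVER_DIRS = (
    r"c:\windows\system32\drivers",
    r"c:\windows\system32\driverstore",
)


def triage_driver_load(event: dict) -> list[str]:
    """Return reasons an event is suspicious; an empty list means nothing flagged.

    A BYOVD driver is usually validly signed, so the name match is the primary
    signal; path and signature checks only add context.
    """
    path = PureWindowsPath(event["ImageLoaded"])
    name = path.name.lower()
    parent = str(path.parent).lower()
    reasons = []
    if name in KNOWN_ABUSED_DRIVERS:
        reasons.append(f"known-abused driver loaded: {name}")
    if not parent.startswith(TRUSTED_DRIVER_DIRS):
        reasons.append(f"driver loaded from non-standard path: {parent}")
    if event.get("Signed", "").lower() != "true":
        reasons.append("driver image not signed")
    return reasons


def triage_all(events: list[dict]) -> list[tuple[str, list[str]]]:
    """Return (image path, reasons) for every event that raised at least one reason."""
    return [(e["ImageLoaded"], r) for e in events if (r := triage_driver_load(e))]


# Constructed Sysmon Event ID 6 (DriverLoad) style records, not real telemetry.
SAMPLE_EVENTS = [
    {"ImageLoaded": r"C:\Windows\System32\drivers\ntfs.sys", "Signed": "true"},
    {"ImageLoaded": r"C:\Windows\Temp\gdrv.sys", "Signed": "true"},
    {"ImageLoaded": r"C:\Users\Public\helper.sys", "Signed": "false"},
]

if __name__ == "__main__":
    for image, reasons in triage_all(SAMPLE_EVENTS):
        print(image)
        for reason in reasons:
            print("  -", reason)
```

Detection of this kind is a backstop; the preventive control is to block known vulnerable drivers from loading at all, for example with Microsoft's vulnerable driver blocklist enforced through HVCI or WDAC.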
The Broader Impact of Cybercrime
Acting U.S. Attorney Daniel P. Bubar for the Eastern District of North Carolina emphasized the real-world consequences of cybercrime, stating, “Cybercrime is not a victimless offense – it is a direct attack on our communities.” Gholinejad and his co-conspirators ran a ransomware operation that disrupted lives, businesses, and local governments, causing significant financial losses for numerous victims and institutions.