Iranian man pleads guilty to ransomware attacks that targeted Baltimore, other US cities

Iranian man pleads guilty to ransomware attacks that targeted Baltimore, other US cities
Show Caption
Hide Caption
How to avoid scams and frauds online
Avoid scams and frauds online with these cybersecurity tips.
An Iranian national pleaded guilty for his role in an international ransomware scheme that targeted the computer networks of Baltimore and other U.S. cities, causing tens of millions of dollars in losses and disrupting services, federal authorities said.
Sina Gholinejad, 37, pleaded guilty to one count of computer fraud and abuse and one count of conspiracy to commit wire fraud on May 27, the U.S. Department of Justice said in a news release. Gholinejad was arrested on January 10 at Raleigh-Durham International Airport in North Carolina, federal court records show.
He faces a maximum penalty of 30 years in prison and is scheduled to be sentenced in August, the Justice Department announced.
Gholinejad and unidentified co-conspirators were behind a string of ransomware attacks between January 2019 and March 2024, according to an April 2024 indictment unsealed on May 27. The Justice Department said Gholinejad and his co-conspirators encrypted files on the targeted networks with the Robbinhood ransomware variant to extort ransom payments.
The conspirators compromised the computer networks of health care organizations, corporations, and other entities across the United States, according to the Justice Department. The cyberattacks also targeted several U.S. cities, including Baltimore in the high-profile 2019 ransomware attack, and caused "significant disruptions" to essential city services, federal authorities said.
The Justice Department added that the conspirators "used the damage they caused these cities to threaten subsequent victims."
Though court documents did not allege a state-backed connection in this case, federal authorities have warned in recent years of Iranian government hacking groups targeting U.S. critical infrastructure and private-sector entities. Federal agencies have also issued numerous advisories for cyberattacks by foreign groups, including the Islamic Revolutionary Guard Corps.
In November 2023, an Iranian-linked cyber group, Cyber Av3ngers, hacked into the water authority infrastructure in Aliquippa, Pennsylvania. The group took partial control of a system that regulates water pressure, and one that includes technology manufactured in Israel. At the time, federal authorities said the group was looking to disrupt Israeli-made technology in the United States.
Here's how to stay protected. Officials warn against dangerous Medusa ransomware attacks.
Conspirators used hacking tools to gain access to computer networks
Federal authorities said Gholinejad and his co-conspirators gained unauthorized access to computer networks with hacking tools. They copied, transmitted, and stored information and files from the infected victim networks to virtual private servers controlled by the conspirators, according to the indictment.
The conspirators also deployed Robbinhood ransomware on targeted computers to encrypt files and make them inaccessible to the victims, the indictment states. They then extorted victims by requiring the payment of Bitcoin in exchange for the private key used to decrypt the victims' computer files.
The Justice Department said the conspirators attempted to launder the ransom payments through cryptocurrency mixing services and by moving assets between different types of cryptocurrencies. According to the indictment, the conspirators concealed their identities and activities through various methods, such as the use of virtual private networks and servers that they controlled.
The attack on Baltimore in 2019 cost the city more than $19 million from damage to computer networks and disruptions to city services that lasted many months, including the processing of property taxes, water bills, parking citations, and other revenue-generating functions, the Justice Department said.
Additional victims include computer networks in the cities of Gresham, Oregon; Yonkers, New York; and Greenville, North Carolina, along with the Glenn-Colusa Irrigation District in California and the nonprofit Berkshire Farm Center and Services for Youth, based in New York, according to the indictment.
'Gholinejad and his co-conspirators — all of whom were overseas — caused tens of millions of dollars in losses and disrupted essential public services by deploying the Robbinhood ransomware against U.S. cities, health care organizations, and businesses,' Matthew R. Galeotti, head of the Justice Department's Criminal Division, said in a statement.
"The ransomware attack against the City of Baltimore forced the city to take hundreds of computers offline and prevented the city from performing basic functions for months," Galeotti added.
Contributing: Claire Thornton, USA TODAY; Reuters

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Hamilton Spectator

2 hours ago

• Hamilton Spectator

A confidential brief to the ICC accuses Russia-linked Wagner of promoting atrocities in West Africa

DAKAR, Senegal (AP) — Editor's Note: This story contains graphic images and descriptions of atrocities. The International Criminal Court has been asked to review a confidential legal report asserting that the Russia-linked Wagner Group has committed war crimes by spreading images of apparent atrocities in West Africa on social media, including ones alluding to cannibalism, according to the brief seen exclusively by The Associated Press. In the videos, men in military uniform are shown butchering corpses of what appear to be civilians with machetes, hacking out organs and posing with severed limbs. One fighter says he is about to eat someone's liver. Another says he is trying to remove their heart. Violence in the Sahel, an arid belt of land south of the Sahara Desert, has reached record levels as military governments battle extremist groups linked to al-Qaida and the Islamic State group. Turning from Western allies like the United States and France, the governments in Mali , Burkina Faso and Niger have instead embraced Russia and its mercenary fighters as partners in offensives. Observers say the new approach has led to the kind of atrocities and dehumanization not seen in the region for decades. Social media offers a window into the alleged horrors that often occur in remote areas with little or no oversight from governments or outside observers. Experts say the images, while difficult to verify, could serve as evidence of war crimes. The confidential brief to the ICC goes further, arguing that the act of circulating the images on social media could constitute a war crime, too. It is the first such argument made to the international court. 'Wagner has deftly leveraged information and communications technologies to cultivate and promote its global brand as ruthless mercenaries. Their Telegram network in particular, which depicts their conduct across the Sahel, serves as a proud public display of their brutality,' said Lindsay Freeman, director of the Technology, Law & Policy program at the Human Rights Center, UC Berkeley School of Law. Under the Rome Statute that created the ICC, the violation of personal dignity, mainly through humiliating and degrading treatment, constitutes a war crime. Legal experts from UC Berkeley, who submitted the brief to the ICC last year, argue that such treatment could include Wagner's alleged weaponization of social media. 'The online distribution of these images could constitute the war crime of outrages on personal dignity and the crime against humanity of other inhumane acts for psychologically terrorizing the civilian population,' Freeman said. She said there is legal precedent in some European courts for charging the war crime of outrages on personal dignity based predominantly on social media evidence. The brief asks the ICC to investigate individuals with Wagner and the governments of Mali and Russia for alleged abuses in northern and central Mali between December 2021 and July 2024, including extrajudicial killings, torture, mutilation and cannibalism. It also asks the court to investigate crimes 'committed through the internet, which are inextricably linked to the physical crimes and add a new dimension of harm to an extended group of victims.' The Office of the Prosecutor of the ICC said their investigations have focused on alleged war crimes committed since January 2012, when insurgents seized communities in Mali's northern regions of Gao, Kidal and Timbuktu. The ICC told the AP it could not comment on the brief but said it was aware of 'various reports of alleged massive human rights violations in other parts of Mali,' adding that it 'follows closely the situation.' Wagner did not respond to questions about the videos. World's deadliest region for terrorism, think tank says As the world largely focuses on wars in Gaza, Ukraine and Sudan, the Sahel has become the deadliest place on earth for extremism. Half of the world's nearly 8,000 victims of terrorism were killed across the territory last year, according to the Institute for Economics and Peace, which compiles yearly data. While the U.S. and other Western powers withdraw from the region, Russia has taken advantage, expanding military cooperation with several African nations via Wagner, the private security company . The network of mercenaries and businesses is closely linked to Russia's intelligence and military, and the U.S. State Department has described it as 'a transnational criminal organization.' Since Wagner leader Yevgeny Prigozhin was killed in a plane crash in 2023, Moscow has been developing a new organization, the Africa Corps, as a rival force under direct command of Russian authorities. Earlier this month, Wagner announced its withdrawal from Mali, declaring 'mission accomplished' in a Telegram post. In a separate Telegram post, Africa Corps said it is staying. In Mali, about 2,000 Russian mercenaries are fighting alongside the country's armed forces, according to U.S. officials. It is unclear how many have been with Wagner or are with the Africa Corps. Both the Russian mercenaries and local military allies have shared bloody imagery on social media to claim battlefield wins, observers say. 'The mutilation of civilians and combatants by all sides is disturbing enough,' said Corinne Dufka, a Sahel expert and the former head of Human Rights Watch in the region. 'But the dissemination of these scenes on social media further elevates the depravity and suggests a growing and worrying level of dehumanization is taking root in the Sahel.' The confidential brief, along with AP reporting, shows that a network of social media channels, likely administrated by current or former Wagner members, has reposted content that the channels say are from Wagner fighters, promoting videos and photos appearing to show abuses by armed, uniformed men, often accompanied by mocking or dehumanizing language. While administrators of the channels are anonymous, open source analysts believe they are current or former Wagner fighters based on the content as well as graphics used, including in some cases Wagner's logo. AP analysis of the videos confirms the body parts shown are genuine, as well as the military uniforms. The videos and photos, in a mix of French and local languages, aim to humiliate and threaten those considered the enemies of Wagner and its local military allies, along with civilian populations whose youth face pressure to join extremist groups. But experts say it often has the opposite effect, prompting reprisal attacks and recruitment into the ranks of jihadis. If the videos aim to deter and terrorize, it's working, some in Mali say. The ones appearing to show atrocities committed by Malian soldiers 'caused a psychological shock in the Fulani community,' a representative of the nomadic community's civil society told the AP, speaking on condition of anonymity for fear of retaliation. The Fulani are often caught in the middle of the fight against extremism, the focus of violence from both government forces and extremists, and of jihadi recruitment. Thousands of Fulani have fled to neighboring countries in fear of being victimized, the representative said, and asserted that at least 1,000 others disappeared last year after encountering Mali's army or allied militias, including Wagner. Condemnation and investigations In July last year, a Wagner-affiliated Telegram channel reposted three videos of what appeared to be Mali's armed forces and the Dozo hunters, a local defense group often fighting alongside them, committing apparent abuses that allude to cannibalism. One video shows a man in the uniform of Mali's armed forces cooking what he says are body parts. Another shows a man dressed as a Dozo hunter cutting into a human body, saying he is about to eat the liver. In a third video, a group of Dozo fighters roasts what appears to be a human torso. One man carves off a hunk of flesh and tosses it to another. Mali's army ordered an investigation into the viral videos, which were removed from X for violating the platform's rules and put behind a paywall on Telegram. The army chief described it as 'rare atrocity' which was not aligned with the nation's military values, and 'competent services' would confirm and identify the perpetrators. It was not clear whether anyone was identified. A video apparently from Burkina Faso, shared on X the same month, showed an armed man in military pants and sleeveless shirt dancing, holding a severed hand and foot, at one point grinning as the foot dangled from his teeth. In another, a man in Burkinabe military uniform cuts through what appears to be a human body. He says: 'Good meat indeed. We are Cobra 2.' Another man is heard saying: 'This is BIR 15. BIR 15 always does well its job, by all means. Fatherland or death, we shall win.' BIR 15 Cobra 2 is the name of a special intervention unit created by Burkina Faso's ruler, Ibrahim Traore, to combat extremists. 'Fatherland or death' is the motto of pro-government forces. The videos were removed from X and put behind a paywall on Telegram. Burkina Faso's army condemned the videos' 'macabre acts' and described them as 'unbearable images of rare cruelty.' The army said it was working to identify those responsible, adding that it 'distances itself from these inhumane practices.' It was not clear whether anyone has been identified. Other posts shared by alleged Wagner-affiliated channels include images of what appear to be mutilated corpses and beheaded, castrated and dismembered bodies of people, including ones described as extremist fighters, often accompanied with mocking commentary. One post shows two white men in military attire with what appears to be a human roasting on a spit, with the caption: 'The meat you hunt always tastes better,' along with an emoji of a Russian flag. It is hard to know at what scale cannibalism might occur in the context of warfare in the Sahel, and actual cases are 'likely rare,' said Danny Hoffman, chair in international studies at the University of Washington. But 'the real force of these stories comes from the fascination and fear they create,' Hoffman said of the videos, with the digital age making rumors of violence even more widespread and effective. 'Whether it is Wagner or local fighters or political leaders, being associated with cannibalism or ritual killings or mutilations is being associated with an extreme form of power,' he said. Some of the graphic posts have been removed. Other content was moved behind a paywall. Telegram told the AP in a statement: 'Content that encourages violence is explicitly forbidden by Telegram's terms of service and is removed whenever discovered. Moderators empowered with custom AI and machine learning tools proactively monitor public parts of the platform and accept reports in order to remove millions of pieces of harmful content each day.' It did not say whether it acts on material behind a paywall. 'White Uncles in Africa' The Telegram channel White Uncles in Africa has emerged as the leading source of graphic imagery and dehumanizing language from the Sahel, reposting all the Mali videos. UC Berkeley experts and open source analysts believe it is administered by current or former Wagner members, but they have not been able to identify them. While the channel re-posts images from subscribers, it also posts original content. In May of this year, the channel posted a photo of eight bodies of what appeared to be civilians, face-down on the ground with hands bound, with the caption: 'The white uncles found and neutralized a breeding ground for a hostile life form.' It also shared an image of a person appearing to be tortured, with the caption describing him as a 'hostile life form' being taken 'for research.' Human Rights Watch has documented atrocities committed in Mali by Wagner and other armed groups. It says accountability for alleged abuses has been minimal, with the military government reluctant to investigate its armed forces and Russian mercenaries. It has become difficult to obtain detailed information on alleged abuses because of the Malian government's 'relentless assault against the political opposition, civil society groups, the media and peaceful dissent,' said Ilaria Allegrozzi, the group's Sahel researcher. That has worsened after a U.N. peacekeeping mission withdrew from Mali in December 2023 at the government's request. That void, she said, 'has eased the way for further atrocities' — and left social media as one of the best ways to glimpse what's happening on the ground. Error! Sorry, there was an error processing your request. There was a problem with the recaptcha. Please try again. You may unsubscribe at any time. By signing up, you agree to our terms of use and privacy policy . This site is protected by reCAPTCHA and the Google privacy policy and terms of service apply. Want more of the latest from us? Sign up for more at our newsletter page .

Hamilton Spectator

2 hours ago

• Hamilton Spectator

Takeaways from AP report on accusation that Wagner commits war crimes by promoting atrocities

DAKAR, Senegal (AP) — Editor's Note: This story contains graphic images and descriptions of atrocities. The International Criminal Court has been asked to review a confidential legal brief asserting that the Russia-linked Wagner Group has committed war crimes by spreading images of apparent atrocities in West Africa on social media, including ones alluding to cannibalism. The brief was seen exclusively by The Associated Press. Violence in the Sahel, an arid belt of land south of the Sahara Desert, has reached record levels as military governments battle extremist groups linked to al-Qaida and the Islamic State group. Last year, it became the deadliest place on earth for extremism, with half of the world's nearly 8,000 victims killed across the territory, according to yearly data compiled by the Institute for Economics and Peace. While the United States and other Western powers withdraw from the region, Russia has taken advantage, expanding military cooperation with several African nations via Wagner, the private security company closely linked to Russia's intelligence and military. Observers say the new approach has led to the kind of atrocities and dehumanization not seen in the region for decades. Social media offers a window into the alleged horrors that often occur in remote areas with little or no oversight from governments or outside observers. Experts say the images, while difficult to verify, could serve as evidence of war crimes. The confidential brief to the ICC goes further, arguing that the act of circulating the images on social media could constitute a war crime, too. It is the first such argument made to the international court. Here are some takeaways from AP's report on the issue. Videos which humiliate and dehumanize The brief, along with AP reporting, shows that a network of social media channels, likely administrated by current or former Wagner members, has reposted content that the channels say are from Wagner fighters. They promote videos and photos appearing to show abuses by armed, uniformed men, often accompanied by mocking or dehumanizing language. In the videos, men in military uniform are shown butchering corpses of what appear to be civilians with machetes, hacking out organs and posing with severed limbs. One fighter says he is about to eat someone's liver. Another says he is trying to remove their heart. While administrators of the channels are anonymous, open source analysts believe they are current or former Wagner fighters based on the content as well as graphics used, including in some cases Wagner's logo. AP analysis of the videos confirms the body parts shown are genuine, as well as the military uniforms. The videos and photos, in a mix of French and local languages, aim to humiliate and threaten those considered the enemies of Wagner and its local military allies, along with civilian populations whose youth face pressure to join extremist groups. But experts say it often has the opposite effect, prompting reprisal attacks and recruitment into the ranks of jihadis. The governments of Mali and Burkina Faso earlier condemned the graphic videos and said they would look into them, but it is not clear whether anyone in them has been identified. Russia's presence continues The U.S. State Department has described Wagner, a network of mercenaries and businesses, as 'a transnational criminal organization.' Wagner did not respond to AP questions about the videos. Since Wagner leader Yevgeny Prigozhin was killed in a plane crash in 2023, Moscow has been developing a new organization, the Africa Corps, as a rival force under direct command of Russian authorities. Earlier this month, Wagner announced its withdrawal from Mali, declaring 'mission accomplished' in a Telegram post. In a separate Telegram post, Africa Corps said it is staying. In Mali, about 2,000 Russian mercenaries are fighting alongside the country's armed forces, according to U.S. officials. It is unclear how many have been with Wagner or are with the Africa Corps. Outrages on personal dignity Under the Rome Statute that created the ICC, the violation of personal dignity, mainly through humiliating and degrading treatment, constitutes a war crime. Legal experts from UC Berkeley, who submitted the brief to the ICC last year, argue that such treatment could include Wagner's alleged weaponization of social media. The brief asks the ICC to investigate individuals with Wagner and the governments of Mali and Russia for alleged abuses in northern and central Mali between December 2021 and July 2024, including extrajudicial killings, torture, mutilation and cannibalism. It also asks the court to investigate crimes 'committed through the internet, which are inextricably linked to the physical crimes and add a new dimension of harm to an extended group of victims.' The ICC told the AP it could not comment on the brief but said it was aware of 'various reports of alleged massive human rights violations in other parts of Mali,' adding that it 'follows closely the situation.' Its Office of the Prosecutor said investigations have focused on alleged war crimes committed since January 2012, when insurgents seized communities in Mali's northern regions of Gao, Kidal and Timbuktu. Lack of accountability Human Rights Watch has documented atrocities committed in Mali by Wagner and other armed groups. It says accountability for alleged abuses has been minimal, with the military government reluctant to investigate its armed forces and Russian mercenaries. It has become difficult to obtain detailed information on alleged abuses because of the Malian government's 'relentless assault against the political opposition, civil society groups, the media and peaceful dissent,' said Ilaria Allegrozzi, the group's Sahel researcher. That has worsened after a U.N. peacekeeping mission withdrew from Mali in December 2023 at the government's request. That void, she said, 'has eased the way for further atrocities.' Error! Sorry, there was an error processing your request. There was a problem with the recaptcha. Please try again. You may unsubscribe at any time. By signing up, you agree to our terms of use and privacy policy . This site is protected by reCAPTCHA and the Google privacy policy and terms of service apply. Want more of the latest from us? Sign up for more at our newsletter page .

New York Post

11 hours ago

• New York Post

Deadly Russian assaults on Ukraine continue as date for new peace talks nears

At least one person was killed in Ukraine Friday night as Russia continued its unrelenting attacks, despite both parties reportedly inching closer to a new round of peace talks. A barrage of more than 20 Russian drones rained down on residential areas in the Ukrainian port city of Odesa and the northeastern city of Kharkiv overnight, according to officials. One civilian was killed and almost two dozen were injured, including two girls — 12 and 17-years-old — and three emergency workers. The strikes sparked fires that caused the partial collapse of a four-story apartment building and tore through the upper floors of a 23-story high-rise, leading to the evacuation of about 600 residents. Advertisement 4 Firefighters evacuated residents from a burning apartment building following Russia's massive air attack in Odesa. AP The Kremlin's attack also included 86 Iranian Shahed and decoy drones blasted across the country into Saturday, Ukrainian President Volodymyr Zelensky said in a post on Telegram. 'Russia continues its tactics of targeted terror against our people,' Zelensky said in the post. Advertisement He called on Western countries to keep the pressure on Russia, including through sanctions. 'The sooner the sick people in the Kremlin lose the ability to finance the war, the more lives we can save in Ukraine,' Zelensky said. 4 Emergency responders worked at the site of an apartment building hit by a Russian drone strike in Odesa. via REUTERS In the 24 hours leading up to the nighttime attack, Russia bombarded its neighbor with hundreds more drones and cruise and ballistic missiles, according to Ukraine's air force. Advertisement The attacks followed an assault on Kyiv Tuesday that killed 28 and injured 142 others — marking the deadliest onslaught on the capital city this year. Meanwhile, the warring countries completed another round of prisoner exchanges on Friday, the second trade of POWs and soldiers' remains in two days, though neither side specified how many people were involved in the swap. 4 A kitchen in a high-rise apartment building was destroyed in a Russian drone attack in Odesa. AFP via Getty Images Zelensky said on X that most of his country's POWs had been held by Russia for more than two years, following their full-scale invasion of Ukraine in 2022. Advertisement The oldest of the released captives was 63 years old and another, a 45-year-old service member, was released on his birthday, Ukrainian negotiator Dmytro Lubinets said. Zelensky also charged Russian President Vladimir Putin with using the return of the dead to obscure the scale of its military losses from the public, the Kyiv Independent reported. 4 Residential buildings, businesses, civilian infrastructure and cars were wrecked in the overnight attacks, officials said. AFP via Getty Images At a press conference Friday, Zelensky said authorities confirmed that at least 20 of the bodies returned as Ukrainians were actually Russian soldiers. The two countries have carried out a series of swaps since renewing peace talks, which in Istanbul last month. The last negotiations were held on June 2 and though Kyiv has not spoken recently of them resuming, Kremlin spokesman Dmitry Peskov said Friday that the date for the next round is expected to be agreed upon this coming week. With Post wires