Iranian man pleads guilty to 2019 Baltimore ransomware attack

He faces a maximum penalty of 30 years in prison and is scheduled to be sentenced in August, the Justice Department announced.
Gholinejad and unidentified co-conspirators were behind a string of ransomware attacks between January 2019 and March 2024, according to an April 2024 indictment unsealed on May 27. The Justice Department said Gholinejad and his co-conspirators encrypted files on the targeted networks with the Robbinhood ransomware variant to extort ransom payments.
The conspirators compromised the computer networks of health care organizations, corporations, and other entities across the United States, according to the Justice Department. The cyberattacks also targeted several U.S. cities, including Baltimore in the high-profile 2019 ransomware attack, and caused "significant disruptions" to essential city services, federal authorities said.
The Justice Department added that the conspirators "used the damage they caused these cities to threaten subsequent victims."
Though court documents did not allege a state-backed connection in this case, federal authorities have warned in recent years of Iranian government hacking groups targeting U.S. critical infrastructure and private-sector entities. Federal agencies have also issued numerous advisories for cyberattacks by foreign groups, including the Islamic Revolutionary Guard Corps.
In November 2023, an Iranian-linked cyber group, Cyber Av3ngers, hacked into the water authority infrastructure in Aliquippa, Pennsylvania. The group took partial control of a system that regulates water pressure, and one that includes technology manufactured in Israel. At the time, federal authorities said the group was looking to disrupt Israeli-made technology in the United States.
Here's how to stay protected. Officials warn against dangerous Medusa ransomware attacks.
Conspirators used hacking tools to gain access to computer networks
Federal authorities said Gholinejad and his co-conspirators gained unauthorized access to computer networks with hacking tools. They copied, transmitted, and stored information and files from the infected victim networks to virtual private servers controlled by the conspirators, according to the indictment.
The conspirators also deployed Robbinhood ransomware on targeted computers to encrypt files and make them inaccessible to the victims, the indictment states. They then extorted victims by requiring the payment of Bitcoin in exchange for the private key used to decrypt the victims' computer files.
The Justice Department said the conspirators attempted to launder the ransom payments through cryptocurrency mixing services and by moving assets between different types of cryptocurrencies. According to the indictment, the conspirators concealed their identities and activities through various methods, such as the use of virtual private networks and servers that they controlled.
The attack on Baltimore in 2019 cost the city more than $19 million from damage to computer networks and disruptions to city services that lasted many months, including the processing of property taxes, water bills, parking citations, and other revenue-generating functions, the Justice Department said.
Additional victims include computer networks in the cities of Gresham, Oregon; Yonkers, New York; and Greenville, North Carolina, along with the Glenn-Colusa Irrigation District in California and the nonprofit Berkshire Farm Center and Services for Youth, based in New York, according to the indictment.
"Gholinejad and his co-conspirators -- all of whom were overseas -- caused tens of millions of dollars in losses and disrupted essential public services by deploying the Robbinhood ransomware against U.S. cities, health care organizations, and businesses," Matthew R. Galeotti, head of the Justice Department's Criminal Division, said in a statement.
"The ransomware attack against the City of Baltimore forced the city to take hundreds of computers offline and prevented the city from performing basic functions for months," Galeotti added.
Contributing: Claire Thornton, USA TODAY; Reuters

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Daily Mirror

2 hours ago

• Daily Mirror

'Trump's latest golden gimmick has finally been exposed - the grift goes on'

The crooked Trump Organisation's latest golden gimmick, the T1 smartphone - billed as a proudly American alternative to Apple's iPhone 17 - isn't quite as stars-and-stripes as advertised. Marketed under the new "Trump Mobile" brand, the gold-plated handset is due to ship in August and proudly claims to be 'Made in the USA.' But eagle-eyed social media sleuths have already called foul, uncovering that the T1 is actually a Chinese-made Android device in a MAGA makeover… and being flogged for three times its price on Amazon. The Trump Mobile network itself has been dubbed an "All-American service," though critics suggest the only thing truly domestic about it is the markup. The Trump grift goes on. A wannabe photographer learned the hard way that breaking into a prison can land you right where you'd expect - behind bars. Cody Mallon, 19, from Argyle, New York, fancied himself a bit of an urban explorer when he crawled through a hole in the fence of the shuttered Downstate Correctional Facility in Fishkill just after midnight. Once inside, the teen reportedly got a little too into character and managed to lock himself in one of the old cells. Realising freedom wasn't part of the self-guided tour, he had to call for help. State Police and the Glenham Fire Department responded and freed the red-faced inmate-turned-intruder. Mallon was promptly arrested for criminal trespass. Ed the Zebra, who hoofed it out of captivity and trotted into internet stardom, was finally grounded after more than a week on the loose in Tennessee. The stripy fugitive was spotted chilling in a pasture near a local subdivision before being dramatically airlifted by helicopter back to an animal trailer. No frequent flyer miles were earned. A DoorDash driver accidentally turned Chicago O'Hare into his own personal delivery route after driving miles through the airport's restricted roads on Saturday. Airport police say the confused courier wandered along taxiways and secure areas before being spotted by someone in the control tower. Authorities confirmed it was all a mistake, but admitted the driver may have crossed actual runways. No word on whether the food was on time. Things got a little too fraught at a Charlotte commission meeting when protesters released live crickets during a debate on gun violence awareness. The unexpected insect invasion forced a recess while crews rounded up the chirping culprits. 'Disturb the meeting, and you'll be escorted out - or charged,' warned Chair Mark Jerrell.

The Herald Scotland

5 hours ago

• The Herald Scotland

Donald Trump wants prosecutor to investigate 2020 loss to Joe Biden

Trump's efforts to challenge his 2020 election loss to former President Joe Biden failed in court. Independent reviews and leading members of his own administration dismissed his fraud claims. In 2022, eight conservative legal experts published a report called "Lost, Not Stolen," reviewing the evidence in 64 different cases in six swing states -- Arizona, Georgia, Michigan, Nevada, Pennsylvania and Wisconsin. They found that Trump and his allies didn't provide evidence of widespread election fraud. Trump lost every case but one. Trump's own attorney general, William Barr, said in early December 2020 that the Justice Department had "not seen fraud on a scale that could have affected a different outcome in the election." Yet Trump persisted, pressuring Congress to try and overturn the election results in a campaign that culminated on Jan. 6, 2021 when a mob of his supporters stormed the U.S. Capitol. Trump later was impeached and indicted by a grand jury for his actions in the election aftermath, but the Senate acquitted him on the impeachment charge and Special Counsel Jack Smith requested to dismiss the Jan. 6 charges against Trump after he won, which a judge approved. Trump pardoned nearly 1,600 people charged with crimes related to Jan. 6 on his first day back in office. Contributing: Erin Mansfield, Isabel Morales

Scottish Sun

9 hours ago

• Scottish Sun

Murderer caught after cops follow trail of blood from victim, 47, who was stabbed in TV remote row as son pays tribute

TRAIL OF BLOOD Murderer caught after cops follow trail of blood from victim, 47, who was stabbed in TV remote row as son pays tribute A MURDERER was caught after cops followed a trail of blood from the victim after he was stabbed in a TV remote row. James Murray, 47, died in Wythenshawe, Manchester, after being fatally knifed by his flatmate Scott Thomson, 57. 2 James Murray, 47, died after being stabbed with Credit: Greater Manchester Police 2 Scott Thomson was sentenced to 18 years in prison for the murder of James Murray Credit: Greater Manchester Police The pair of pals had moved in together after initially meeting at a hostel. But as the months went by the "co-dependent" relationship soured as Thomson became increasingly suspicious of his flatmate. Tensions surrounding a new TV bought for the flat began to flare, with Thomson claiming that Murray was hogging the remote. On December 4 last year, an argument over the TV remote escalated, with tragic consequences. Read More in UK News EMBASSY DRAMA Protesters attacked outside Iranian Embassy in London as eight arrested Thomson grabbed a 19cm blade and lashed out at his flatmate with the large knife causing fatal damage. The weapon caused an 8cm wound, penetrating through Murray's ribcage and going "straight into his heart". He manage to stagger outside bleeding but Murray then collapsed and died in the street despite the efforts of paramedics to save him. A trail of blood led officers to Thomson's flat, where further evidence of the violent altercation was discovered. Thomson fled the scene but was arrested the next day after approaching cops and admitting his involvement. Thomson was handed a life sentence with a minimum term of 18 years for killing Murray in a hearing at Manchester Crown Court yesterday. In a powerful victim impact statement read out in court, James' son said: 'I would like to pass on thanks to my family liaison officer for all the help and support they have provided to me and my family throughout this process. Abu Yusupov dead at 39- Undefeated boxer stabbed to death after altercation in train station "There is no way to fully express the depth of pain and loss that my father's murder has caused. 'My dad, James, was funny, laid back, and incredibly personable. He had a gift for making people laugh, often by winding us up in a way that only he could. "That was his way—he brought joy and light into every room he entered. He may not have been an angel, he may not have lived the best life, but he was my dad. 'Since the day he was taken from us, my life has changed completely. I am constantly reminded of what has happened. I consistently feel the pain of his murder, there is not a day that goes by that I don't feel the weight of his absence. "I struggle to sleep. I struggle to have a 'normal' day. Even the simplest things have become difficult without him here. 'What hurts the most is knowing that due to Scott Thompson taking my dad's life, I no longer have the opportunity to create new memories with my dad or share my life with him. No milestones, no quiet chats, no laughter, no future together. "The loss of his life is greater than just the loss of a person—it's the loss of time, connection, and a relationship that can never be replaced. 'No sentence can bring him back, but I hope justice can reflect the seriousness of the pain inflicted on our family, and the irreplaceable life that was taken from us. 'The way in which James was taken from the world is a constant memory, a constant image for which I will never be able to unsee and this being solely due to Scott Thomson's actions on December 4 2024. 'I want Scott Thomson to know his actions will never be forgotten or forgiven.' If he is ever released from prison Thomson will be subject to licence for the rest of his life. Senior Investigating Officer Duncan Thorpe said: 'Firstly, our thoughts remain with James' family and friends at this time. 'This was a tragic and totally avoidable incident that highlights the devastating impact knife crime can have. There is no doubt that this issue could have been resolved without weapons. 'Today's sentencing should be a strong deterrent for those carrying and using a knife.'