A 45-year-old Romanian national pleaded guilty this week to hacking into computers at Oregon’s Department of Emergency Management in June 2021 and selling the access he obtained for $3,000 worth of Bitcoin.

Catalin Dragomir also hacked into 10 other U.S. companies, causing financial losses of at least $250,000. 

He was arrested in Romania in November 2024 and was extradited to the U.S. last year. In court on Thursday, Dragomir pleaded guilty to obtaining information from a protected computer and one count of aggravated identity theft. He will be sentenced in May and is facing up to seven years in prison. 

Prosecutors said Dragomir used the online moniker “inthematrixl” and others to offer initial access services on cybercriminal platforms. On June 15, 2021, he posted on the dark web offering administrative credentials to the network of Oregon’s Office of Emergency Management.

He eventually negotiated the sale of his access and breached the organization’s network repeatedly to prove that what he was offering was legitimate. He sent screenshots and the login information of an Oregon Office of Emergency Management employee, including the person’s name, date of birth, Social Security number and email address. 

The guilty plea is a rare instance where a hacker involved in the breach of a municipal government office has been brought to justice. 

In the last week, multiple local governments across the U.S. have come forward to warn citizens of cyberattacks that took down critical systems used by thousands of Americans. 

Cities in Connecticut, West Virginia, Oklahoma and Pennsylvania reported damaging cyber incidents this week while two of the biggest hospitals in Mississippi and Montana struggled to recover following cyberattacks. 

The attack on The University of Mississippi Medical Center (UMMC) was particularly devastating, forcing the hospital to close all 35 of its clinic locations due to a ransomware incident. 

In notices on social media, the organization said its hospitals and emergency departments are operational but are using downtime procedures. The FBI and Department of Homeland Security are assisting the hospital in the recovery effort.

“As a precaution, we have shut down all our network systems and will conduct risk assessments before bringing anything back online,” UMMC said. 

All elective and outpatient surgeries as well as imaging appointments have been cancelled. 

LouAnn Woodward, a senior official at UMMC, held a press conference on Thursday alongside the FBI where she confirmed it was a ransomware attack and said they are in contact with the hackers. 

“The attackers have communicated to us and we are working with the authorities and specialists on next steps. We do not know how long this situation may last,” she said.