Pierluigi Paganini May 28, 2025

Iranian man pleads guilty to role in Baltimore ransomware attack tied to Robbinhood, admitting to computer and wire fraud conspiracy.

Iranian national Sina Gholinejad pleaded guilty to his role in a Robbinhood ransomware scheme that hit U.S. cities, including Baltimore and Greenville. The attacks caused major disruptions and over $19 million in damages to Baltimore alone, affecting key services like billing and citations. Gholinejad and his co-conspirators used these high-impact incidents to pressure future victims into paying ransoms.

In May 2019, for the second time in a year, the systems of the city of Baltimore were hit by a ransomware attack, forcing officials to shut down a majority of them.

The attack impacted multiple services, including online payment portals for water bills and and property taxes.

“Gholinejad and his co-conspirators — all of whom were overseas — caused tens of millions of dollars in losses and disrupted essential public services by deploying the Robbinhood ransomware against U. S. cities, health care organizations, and businesses,” said Matthew R. Galeotti, Head of the Justice Department’s Criminal Division. “The ransomware attack against the City of Baltimore forced the city to take hundreds of computers offline and prevented the city from performing basic functions for months. Gholinejad’s conviction reflects the Criminal Division’s commitment to bringing cybercriminals who target our cities, healthcare system, and businesses to justice no matter where they are located. There will be no impunity for these destructive attacks.”

Starting in 2019, Gholinejad and and his co-conspirators hacked into U.S. networks, stole data, and deployed Robbinhood ransomware to demand Bitcoin ransoms. They laundered payments using crypto mixers and chain-hopping, while masking their identities with VPNs and private servers.

Sina Gholinejad pleaded guilty to computer fraud and wire fraud conspiracy. He faces up to 30 years in prison, the sentence is set for August.

“These ransomware actors leveraged sophisticated tools and tradecraft to harm innocent victims in the United States, all while believing they could conduct their illegal activities safely from overseas,” said Acting Special Agent in Charge James C. Barnacle Jr. of the FBI’s Charlotte Field Office. “This case demonstrates the capability and resolve of the FBI and our partners to find and impose consequences on cybercriminals no matter where they attempt to hide.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)