
Washington, D.C. – An Iranian national has pleaded guilty to participating in a damaging international ransomware scheme that leveraged the Robbinhood malware to extort millions of dollars from U.S. cities, healthcare systems, and businesses, the U.S. Department of Justice announced Tuesday.
Sina Gholinejad, 37, admitted to his role in a conspiracy that caused tens of millions of dollars in losses and paralyzed essential public services in multiple cities, including Baltimore, Maryland, and Greenville, North Carolina.
Major Disruption to Public Services
Court documents reveal that beginning in January 2019, Gholinejad and his co-conspirators gained unauthorized access to computer networks across the U.S. Once inside, they deployed Robbinhood ransomware to encrypt files and demand Bitcoin payments in exchange for decryption keys. Victims ranged from city governments to corporations and healthcare institutions.
In Baltimore alone, the attack inflicted over $19 million in damage, disabling vital city services such as online payment systems for property taxes, water bills, and parking fines, and forcing hundreds of computers offline for months.
“These ransomware attacks are not victimless,” said Acting U.S. Attorney Daniel P. Bubar of the Eastern District of North Carolina. “They are direct assaults on our cities, businesses, and citizens.”
Sophisticated Criminal Tactics
According to investigators, the cybercriminals used advanced methods to evade detection and obscure their identities, including:
- Virtual Private Networks (VPNs)
- Cryptocurrency mixing services
- “Chain-hopping” — converting payments across various types of digital currency
- Use of remote servers to exfiltrate victim data
The FBI’s Charlotte and Baltimore Field Offices led the investigation, receiving critical support from Bulgarian law enforcement authorities. Gholinejad pleaded guilty to one count of computer fraud and abuse and one count of conspiracy to commit wire fraud. He now faces a maximum of 30 years in federal prison, with sentencing scheduled for August 2025.
“This conviction sends a strong message,” said Matthew R. Galeotti, head of the Justice Department’s Criminal Division. “Cybercriminals who think they can hide overseas will be pursued and held accountable.”
The case highlights the ongoing threat posed by international ransomware actors, many of whom target public institutions that operate critical infrastructure. The Robbinhood variant used in these attacks is known for crippling municipal networks and demanding high ransoms while threatening the release of stolen data.
Federal officials urge organizations to consult resources at StopRansomware.gov for prevention and response strategies.