Posted on 05/27/25
News Source: WBAL TV
Baltimore, MD - May 27, 2025 - An Iranian national pleaded guilty Tuesday to participating in an international ransomware and extortion scheme involving the Robbinhood ransomware that struck U.S. cities, including Baltimore.
Baltimore City officials discovered malware in 2019 that prompted email, phones and computers to be shut down, which impacted many city services.
Sina Gholinejad, 37, and his co-conspirators compromised the computer networks of cities, corporations, health care organizations and other entities around the United States, according to court documents and statements made in court.
U.S. Department of Justice officials said in a statement that Gholinejad and co-conspirators then encrypted files from the victim networks with Robbinhood ransomware to extort ransom payments.
Baltimore lost more than $19 million from the damage caused to its computer networks and the resulting disruption to several essential city services, including online services for processing property taxes, water bills, parking citations and other revenue-generating functions, which lasted many months.
"Gholinejad and his co-conspirators — all of whom were overseas — caused tens of millions of dollars in losses and disrupted essential public services by deploying the Robbinhood ransomware against U.S. cities, health care organizations and businesses," Matthew R. Galeotti, head of the DOJ's criminal division, said in a statement.
The DOJ said the conspirators used the damage they caused these cities to threaten subsequent victims.
"The ransomware attack against the city of Baltimore forced the city to take hundreds of computers offline and prevented the city from performing basic functions for months," Galeotti said in the statement.
Beginning in January 2019, Gholinejad and others gained and maintained unauthorized access to victim computer networks and then copied information from the infected victim networks to virtual private servers controlled by the conspirators, the DOJ said.
The conspirators also deployed Robbinhood ransomware to encrypt the victims' files and extort Bitcoin from victims in exchange for the private key required to decrypt the victims' computer files, the DOJ said.
Federal officials said Gholinejad and his co-conspirators tried to launder the ransom payments using cryptocurrency, through a practice known as chain-hopping. They also hid their identities and activities through a number of technical methods, including the use of virtual private networks and servers they operated, the DOJ said.
The DOJ said Gholinejad pleaded guilty to one count of computer fraud and abuse and one count of conspiracy to commit wire fraud. He is scheduled to face a federal judge in August and could face a maximum penalty of 30 years in prison.