
Iranian national Sina Gholinejad faces up to 30 years in federal prison after pleading guilty to orchestrating a devastating ransomware attack that cost American cities tens of millions of dollars and crippled essential public services.
Key Takeaways
- Iranian national Sina Gholinejad pleaded guilty to participating in the Robbinhood ransomware scheme that targeted U.S. cities, healthcare organizations, and businesses
- The attacks caused over $19 million in damages to Baltimore alone and disrupted essential services in multiple cities including Greenville, N.C., and Yonkers, N.Y.
- Gholinejad faces up to 30 years in prison after pleading guilty to computer fraud and abuse and conspiracy to commit wire fraud
- The criminals operated from overseas using sophisticated encryption tools and attempted to launder ransom payments through cryptocurrency mixing services
- The FBI’s Charlotte Field Office led the investigation with international assistance from partners in Bulgaria
Foreign Cyber Attack Inflicts Massive Damage on American Cities
An Iranian man has admitted to orchestrating a sophisticated ransomware scheme that crippled American cities and organizations, causing tens of millions in damages. Sina Gholinejad pleaded guilty to computer fraud and abuse and conspiracy to commit wire fraud, acknowledging his role in the devastating Robbinhood ransomware attacks that began in January 2019 and continued through at least March of the previous year. The cyber attacks specifically targeted American cities, healthcare organizations, and businesses in California, Maryland, New Jersey, and New York, with Gholinejad conducting online research while unnamed co-conspirators executed other aspects of the operation.
“Gholinejad and his co-conspirators — all of whom were overseas — caused tens of millions of dollars in losses and disrupted essential public services by deploying the Robbinhood ransomware against U.S. cities, health care organizations, and businesses,” said Matthew R. Galeotti of the Justice Department.
The attacks were particularly devastating to the city of Baltimore, which suffered losses exceeding $19 million after its systems were compromised in 2019. Other affected areas included Greenville, North Carolina, and Yonkers, New York, along with a nonprofit organization and a medical group. The ransomware disrupted critical public services including property tax processing, water bills, and parking citations, effectively paralyzing municipal operations and forcing cities to spend millions on recovery efforts while citizens were left without access to essential services.
Sophisticated Criminal Enterprise Operating From Overseas
The investigation revealed the sophisticated nature of the operation, with Gholinejad and his co-conspirators using virtual private networks and other technical methods to conceal their identities while conducting the attacks. They established cryptocurrency wallets to receive Bitcoin ransom payments and employed advanced laundering techniques to hide their illicit gains. The Justice Department detailed how the criminals attempted to obscure the source of their funds through a process known as “chain-hopping” – moving assets between different types of cryptocurrencies to complicate tracking efforts.
“Gholinejad and his co-conspirators attempted to launder the ransom payments through cryptocurrency mixing services and by moving assets between different types of cryptocurrencies, a practice known as chain-hopping,” stated the Justice Department news release.
Gholinejad was arrested in North Carolina in January after being initially charged with seven criminal counts in a sealed indictment. The case highlights the ongoing threat of foreign actors targeting American infrastructure through cyber means – a growing concern for national security officials who have warned that hostile foreign governments often either sponsor or turn a blind eye to cybercriminals operating from their territories, particularly when the targets are American institutions.
Law Enforcement Response and National Security Implications
The FBI’s Charlotte Field Office led the investigation with assistance from the FBI Baltimore Field Office and international partners in Bulgaria. The case was prosecuted by the Eastern District of North Carolina with involvement from the U.S. Justice Department’s National Security Division, underscoring the seriousness with which federal authorities view these attacks on American infrastructure. The successful prosecution demonstrates the Trump administration’s commitment to pursuing foreign actors who target American systems.
“These ransomware actors leveraged sophisticated tools and tradecraft to harm innocent victims in the United States, all while believing they could conduct their illegal activities safely from overseas,” said James C. Barnacle Jr.
Acting U.S. Attorney Daniel P. Bubar emphasized the real-world impact of these digital crimes, stating, “Cybercrime is not a victimless offense — it is a direct attack on our communities, as seen in this case. Gholinejad and his co-conspirators orchestrated a ransomware scheme that disrupted lives, businesses, and local governments, and resulted in losses of tens of millions of dollars from unsuspecting victims and institutions.” The Justice Department continues to emphasize the importance of protecting networks against ransomware, with resources to stop ransomware available for organizations seeking to improve their cyber defenses.