
An Iranian hacker pleaded guilty on Tuesday to taking part in a massive ransomware campaign that disrupted several major US city governments – including Baltimore, Maryland – causing tens of millions of dollars in losses.
US Department of Justice (DoJ) officials say 37-year-old Iranian national Sina Gholinejad and other co-conspirators are responsible for a spree of devastating ransomware attacks targeting multiple US city governments, corporations, health care organizations, and more since 2019.
Gholinejad, who pleaded guilty in the US Eastern District Court of North Carolina to one count of computer fraud and abuse and one count of conspiracy to commit wire fraud, now faces a maximum penalty of 30 years in prison.
Using the Robbinhood ransomware variant to extort their US victims from overseas, officials say Gholinejad and his cohorts caused tens of millions of dollars in damages by disrupting local government operations and public services.
The hardest hit cities included the City of Baltimore, Maryland; the City of Yonkers, New York; and the City of Greenville, North Carolina.
“The ransomware attack against the City of Baltimore forced the city to take hundreds of computers offline and prevented the city from performing basic functions for months,” said Matthew R. Galeotti, Head of the DoJ’s Criminal Division.
Criminal Division (@DOJCrimDiv), May 27, 2025: “Iranian Man Pleaded Guilty to Role in Robbinhood Ransomware” https://t.co/ow5O5uWR0J
The months-long Baltimore attack resulted in more than $19 million in losses, stemming from both the damage caused to the city's computer networks and disruptions to essential city services and other revenue-generating functions, such as property tax and parking violation collections.
During the targeted extortion scheme, which spanned from 2019 through March 2024, the hackers gained and maintained unauthorized access to victim computer networks, and then copied information from the infected networks to virtual private servers they controlled, the DoJ said.
Gholinejad and his gang used multiple VPN service providers located in Europe and elsewhere, including in Bulgaria and the Netherlands, to hide their identities and malicious activities, according to the indictment filed in the US Eastern District Court of North Carolina on April 4th.
Leveraging “sophisticated tools and tradecraft,” the ransomware gang was said to have used double extortion tactics, meaning the group would demand payment in bitcoin for a decryption key, and then a second payment to delete the files it stole.
The group further attempted to launder their ransom payments through cryptocurrency mixing services and by moving assets between different types of cryptocurrencies, a practice known as chain-hopping, the DoJ said.
Additional victims listed in the court filings were the City of Gresham, Oregon, the non-profit Berkshire Farm Center and Services for Youth in New York, the Meridian Medical Group in New Jersey, and the Glenn-Colusa Irrigation District in California.
“Cybercrime is not a victimless offense – it is a direct attack on our communities... a ransomware scheme that disrupted lives, businesses, and local governments, and resulted in losses of tens of millions of dollars from unsuspecting victims and institutions,” said acting US Attorney Daniel Bubar for the Eastern District of North Carolina.
Gholinejad is scheduled to be sentenced in August.