An Iranian man has admitted his role in a major international ransomware operation that caused tens of millions of dollars in damages and severely disrupted public services across the United States.

Sina Gholinejad, 37, entered a guilty plea on Tuesday, May 27, 2025, for his part in deploying the Robbinhood ransomware. This criminal enterprise targeted cities, businesses, and healthcare organizations, locking down their computer systems and demanding ransom payments.

Starting in January 2019, Gholinejad and his co-conspirators, who operated from overseas, gained unauthorized access to victims’ computer networks. They would then steal information and use the Robbinhood ransomware to encrypt files, making them inaccessible. To restore access, they demanded ransom, typically in Bitcoin.

The criminals also attempted to hide their tracks by using cryptocurrency mixing services, switching between different digital currencies (known as chain-hopping), and employing virtual private networks.

Robbinhood Ransomware’s ransom note (Image credit: Malwarebytes)

The impact of these attacks was severe. The City of Baltimore, Maryland, for instance, suffered over $19 million in losses due to the damage and the prolonged shutdown of essential services. For months, residents couldn’t process property taxes, water bills, or parking citations online.

The City of Greenville, North Carolina, was also heavily affected, as were the cities of Gresham, Oregon, and Yonkers, New York. These criminals even used the disruption they caused in cities like Baltimore to threaten future victims, leveraging their notoriety to extort more money.

Regarding the Baltimore incident and other similar attacks, Hackread.com previously reported a significant link: the use of a stolen tool called EternalBlue. This was a powerful spying tool first made by the US National Security Agency (NSA) to break into computer systems.

A group called Shadow Brokers leaked it in 2017. After that, it was used in big worldwide cyberattacks like WannaCry and NotPetya. Interestingly, the attackers in these urban ransomware campaigns, including Baltimore, where NSA headquarters are located, were utilizing this very tool.

The Justice Department emphasized its commitment to prosecuting cybercriminals regardless of their location. Officials highlighted that these attacks were a direct assault on communities, disrupting lives and local governments. Gholinejad’s guilty plea is seen as a significant step towards justice for the numerous victims.

Sina Gholinejad pleaded guilty to one count of computer fraud and abuse and one count of conspiracy to commit wire fraud. He now faces a potential maximum sentence of 30 years in prison. His sentencing is scheduled for August.

The FBI’s Charlotte Field Office led the investigation, with crucial support from the FBI Baltimore Field Office and international partners in Bulgaria, who assisted in gathering evidence.

This case serves as a powerful reminder that law enforcement agencies are determined to identify and hold accountable those who exploit online infrastructure for personal gain.
