An Iranian cybercriminal who helped cripple Baltimore’s city government and caused tens of millions in damages across America will now face up to 30 years in prison after pleading guilty to participating in the devastating Robbinhood ransomware scheme.
Key Takeaways
- Sina Gholinejad, an Iranian citizen, pleaded guilty to computer fraud and conspiracy to commit wire fraud for his role in the Robbinhood ransomware scheme targeting American cities and organizations.
- The attacks cost Baltimore alone more than $19 million and disrupted essential public services in multiple cities including Greenville, N.C., and Yonkers, N.Y.
- Gholinejad and his overseas co-conspirators used sophisticated methods including virtual private networks, cryptocurrency mixing, and chain-hopping to hide their identities.
- The scheme operated from January 2019 through at least March 2020, with Gholinejad arrested in North Carolina in January 2025.
- This case highlights the growing threat of foreign-based cyber attacks against American infrastructure, with the perpetrator now facing up to three decades in federal prison.
Massive Financial Damage From Foreign Cyber Attack
Sina Gholinejad, an Iranian national, has admitted to participating in a devastating ransomware operation that targeted American cities, healthcare organizations, and businesses. The criminal scheme, which operated from January 2019 through at least March 2020, caused tens of millions of dollars in damages across multiple states. Gholinejad specifically pleaded guilty to computer fraud and abuse and conspiracy to commit wire fraud, crimes that carry a combined maximum sentence of 30 years in federal prison. The attack on Baltimore alone cost the city over $19 million in damages and recovery expenses.
“Gholinejad and his co-conspirators — all of whom were overseas — caused tens of millions of dollars in losses and disrupted essential public services by deploying the Robbinhood ransomware against U.S. cities, health care organizations, and businesses,” said Matthew R. Galeotti, Acting Section Chief for the Justice Department’s Computer Crime and Intellectual Property Section.
Sophisticated Criminal Operation With International Reach
Court documents reveal that Gholinejad conducted online research for the scheme, while his unnamed co-conspirators executed other aspects of the operation. The cybercriminals employed sophisticated technical methods to conceal their identities, including virtual private networks and operating servers designed to hide their locations. The ransomware attacks systematically infiltrated networks, encrypted critical data, and then demanded payment from victims to restore access. Beyond Baltimore, other affected cities included Greenville, North Carolina, and Yonkers, New York, along with a nonprofit and a medical group.
“Gholinejad and his co-conspirators attempted to launder the ransom payments through cryptocurrency mixing services and by moving assets between different types of cryptocurrencies, a practice known as chain-hopping,” stated a Justice Department news release.
Major Disruption To American Cities And Services
The Robbinhood ransomware attacks caused significant disruptions to essential public services. In Baltimore, critical systems for property tax processing, water bills, and parking citations were rendered inoperable. Initially charged with seven criminal counts in a sealed indictment that has now been made public, Gholinejad was arrested in North Carolina in January 2025. The FBI’s Charlotte Field Office led the investigation with assistance from the FBI Baltimore Field Office and international partners in Bulgaria, demonstrating the global reach required to combat cybercrime originating from foreign territories.
“These ransomware actors leveraged sophisticated tools and tradecraft to harm innocent victims in the United States, all while believing they could conduct their illegal activities safely from overseas,” said James C. Barnacle Jr.
Strong Response To Growing Cyber Threat
President Trump’s administration has prioritized cracking down on foreign cyber threats, with this case representing a significant victory. The Eastern District of North Carolina prosecuted the case with involvement from the FBI and the U.S. Justice Department’s National Security Division. The Department emphasized the importance of protecting networks against ransomware, urging organizations to utilize resources available at StopRansomware.gov. This case demonstrates that foreign actors attempting to attack American infrastructure will face serious consequences regardless of where they operate from.
“Cybercrime is not a victimless offense — it is a direct attack on our communities, as seen in this case. Gholinejad and his co-conspirators orchestrated a ransomware scheme that disrupted lives, businesses, and local governments, and resulted in losses of tens of millions of dollars from unsuspecting victims and institutions,” said Daniel P. Bubar
