Massive Ransomware Scheme PENETRATES US Infrastructure


Iranian hacker Sina Gholinejad faces up to 30 years in prison after pleading guilty to orchestrating devastating ransomware attacks that cost Baltimore alone over $19 million and crippled essential public services across multiple U.S. cities.

Key Takeaways

  • Iranian national Sina Gholinejad has pleaded guilty to participating in the Robbinhood ransomware scheme that targeted U.S. cities, healthcare organizations, and businesses
  • The attacks caused tens of millions of dollars in damages, with Baltimore alone suffering over $19 million in losses and disruption to essential services
  • Gholinejad faces up to 30 years in prison after admitting to computer fraud and abuse and conspiracy to commit wire fraud charges
  • The cybercriminals operated from overseas using sophisticated tools to encrypt files, virtual private networks to hide their identities, and cryptocurrency mixing to launder ransom payments
  • The FBI Charlotte Field Office led the investigation with international assistance from partners in Bulgaria

International Cyber Threat Lands in U.S. Court

An Iranian national has admitted to participating in a massive ransomware operation that targeted and crippled American cities and organizations. Sina Gholinejad pleaded guilty to computer fraud and abuse and conspiracy to commit wire fraud for his role in the notorious Robbinhood ransomware scheme. The attacks, which began in January 2019 and continued through at least March of the following year, specifically targeted vulnerable U.S. cities, businesses, and medical organizations located across multiple states including California, Maryland, New Jersey, and New York. Prosecutors have indicated that Gholinejad now faces up to 30 years in federal prison for these serious offenses.

“Gholinejad and his co-conspirators — all of whom were overseas — caused tens of millions of dollars in losses and disrupted essential public services by deploying the Robbinhood ransomware against U.S. cities, health care organizations, and businesses,” said Matthew R. Galeotti.

The scheme employed sophisticated operational security measures, with Gholinejad conducting online research while unnamed co-conspirators executed other aspects of the attacks. The cybercriminals set up virtual private networks to conceal their identities and created cryptocurrency wallets to receive Bitcoin ransom payments. After receiving payments, the group attempted to obscure the money trail using cryptocurrency mixing services and “chain-hopping” — moving assets between different types of cryptocurrencies to make them more difficult to trace. Despite these precautions, Gholinejad was eventually arrested in North Carolina in January.

Devastating Impact on American Cities

The most notable victim of the Robbinhood ransomware was the city of Baltimore, which suffered an attack in 2019 that cost the municipality over $19 million in recovery expenses and lost revenue. The attack paralyzed essential city services, disrupting property tax processing, water billing systems, and parking citation management. Other cities targeted included Greenville, North Carolina, and Yonkers, New York, along with various nonprofit organizations and at least one medical group. The attacks consistently followed the same pattern: gaining unauthorized access to networks, encrypting critical files, and demanding ransom payments in cryptocurrency.

“These ransomware actors leveraged sophisticated tools and tradecraft to harm innocent victims in the United States, all while believing they could conduct their illegal activities safely from overseas,” said James C. Barnacle Jr.

Gholinejad was initially charged with seven criminal counts in a sealed indictment that has since been made public, and his case represents a significant victory in the ongoing battle against international cybercrime. The investigation was led by the FBI’s Charlotte Field Office with crucial assistance from the FBI Baltimore Field Office and international partners in Bulgaria. This international cooperation proved essential in bringing the perpetrator to justice despite the criminals’ attempts to operate safely from overseas locations beyond the reach of American law enforcement.

Strengthening America’s Cyber Defenses

The Justice Department has emphasized the critical importance of protecting networks against ransomware, pointing organizations to resources available at StopRansomware.gov. This case highlights the continuing vulnerability of American infrastructure to foreign cyber threats and the need for heightened security measures. The prosecution was handled by the Eastern District of North Carolina, with significant involvement from the FBI and the U.S. Justice Department’s National Security Division, demonstrating the whole-of-government approach needed to combat sophisticated cyber threats.

“Cybercrime is not a victimless offense — it is a direct attack on our communities, as seen in this case. Gholinejad and his co-conspirators orchestrated a ransomware scheme that disrupted lives, businesses, and local governments, and resulted in losses of tens of millions of dollars from unsuspecting victims and institutions,” said Daniel P. Bubar.

This case serves as a stark reminder of the persistent threats facing American critical infrastructure from foreign actors. While President Trump has consistently emphasized the importance of hardening America’s cyber defenses against foreign threats, particularly from adversarial nations like Iran, this case demonstrates that foreign hackers continue to target vulnerable American systems. The successful prosecution of Gholinejad represents an important step in deterring future attacks, but the sophisticated nature of the operation highlights the ongoing need for vigilance and increased investment in cybersecurity measures to protect essential American services and infrastructure.