An Iranian man responsible for a series of ransomware attacks against U.S. cities, including a major attack on Baltimore that cost the city $19 million, pleaded guilty in a U.S. federal court on Tuesday.
Sina Gholinejad, 37, admitted to deploying Robbinhood ransomware on Baltimore’s network in 2019, just weeks after a similar attack on Greenville, North Carolina. He pleaded guilty to one count of computer fraud and abuse and one count of conspiracy to commit wire fraud. These charges could result in a maximum sentence of 30 years in prison.
In May 2019, the Baltimore attack brought Robbinhood ransomware into the spotlight, as the city struggled for months to restore essential services like online payment processing and property tax verification. The attack froze the local real estate market, and city officials had to implement manual workarounds.
The total cost of recovery was estimated at $18.2 million. This included $10 million for IT recovery and $8.2 million in lost revenue from property taxes, real estate fees, and fines. In response, the city council reallocated $6 million from parks and public facilities to cover the costs.
The hackers demanded 13 Bitcoins—about $76,000 at the time—to decrypt the city’s systems.
An audit later revealed that the city’s IT department had stored all its files on local hard drives, making the ransomware attack even more crippling.
Gholinejad was also linked to other Robbinhood attacks, including those on the city of Gresham, Oregon; Yonkers, New York; and a New Jersey medical practice. Attacks continued until at least March 2024.
In 2020, Microsoft reported that Robbinhood operators used a vulnerable driver from Taiwanese company Gigabyte to escalate their access and disable security software on infected systems. Intrusions typically began with a brute-force attack on exposed systems, allowing the hackers to gain privileged credentials and eventually deploy the ransomware.