
Sina Gholinejad, an Iranian hacker involved in the 2019 international extortion scheme against the City of Baltimore using the Robbinhood ransomware, pleaded guilty to computer fraud and wire fraud charges on Tuesday, May 27, in federal court.
On May 27, 2025, the Department of Justice (DoJ) announced that Sina Gholinejad, an Iranian hacker, pleaded guilty to multiple charges stemming from his involvement in the 2019 Robbinhood ransomware attacks on the City of Baltimore’s computer networks. Matthew R. Galeotti, Head of the Justice Department’s Criminal Division, noted that “[t]he ransomware attack against the City of Baltimore forced the city to take hundreds of computers offline and prevented the city from performing basic functions for months,” costing the city around $19 million. Other victims of the ransomware attacks, which continued for over five years, include other municipalities, medical groups, and non-profits.
Beginning in January 2019, Gholinejad and other overseas conspirators gained unauthorized access to Baltimore’s computer networks. They deployed Robbinhood ransomware, which encrypted victim computer files and saved one or more ransom notes on the computers. After Baltimore refused to pay the ransom to decrypt the data, the hackers moved on to other victims, mostly municipalities. They extorted Bitcoin from their victims in exchange for the private key required to decrypt the victims’ computer files. The conspirators also copied information they extracted from the infected victim networks to their own virtual private servers, using it as additional leverage to obtain ransom payments.
To cover their tracks after receiving the illicit payouts, Gholinejad and his co-conspirators attempted to launder the ransom payments by using cryptocurrency mixers and by moving the group’s illegally obtained assets between different types of cryptocurrencies, a laundering technique known as chain-hopping. This extortion scheme continued for over 5 years.
Gholinejad was arrested on January 10, 2025, at Raleigh-Durham International Airport. After being indicted by a grand jury in the Eastern District of North Carolina on April 4, the hacker pleaded guilty to one count of computer fraud and abuse and one count of conspiracy to commit wire fraud. He faces a maximum penalty of 30 years in prison; his sentence will be determined at his sentencing in August.
Authored by Nathan Salminen and Madison Cash.