28-05-2025
Iranian Hacker Admits Role in RobbinHood Ransomware Attacks
A 37-year-old Iranian national, Sina Gholinejad, has pleaded guilty in a North Carolina federal court to his involvement in a series of ransomware attacks that targeted U.S. municipalities and organisations, causing extensive financial and operational damage.
Gholinejad admitted to one count of computer fraud and abuse and one count of conspiracy to commit wire fraud. He now faces a maximum sentence of 30 years in prison, with sentencing scheduled for August 2025. The plea was accepted by U.S. District Judge Richard E. Myers II in Wilmington.
Between January 2019 and March 2024, Gholinejad and unnamed co-conspirators deployed the RobbinHood ransomware variant to infiltrate and encrypt data on the networks of various U.S. city governments, healthcare organisations, and private entities. The attackers demanded ransom payments in Bitcoin in exchange for decryption keys. Among the most severely affected was Baltimore, Maryland, which incurred over $19 million in damages and experienced prolonged disruptions to essential services, including property tax processing and water billing systems.
Other targeted locations included Greenville, North Carolina; Gresham, Oregon; and Yonkers, New York. The conspirators also targeted entities such as the Glenn-Colusa Irrigation District in California and the Berkshire Farm Center in New York. The attackers often used the damage inflicted on earlier victims to coerce subsequent targets into paying ransoms.
Gholinejad and his associates employed various tactics to conceal their identities and activities, including the use of virtual private networks and virtual private servers. They also engaged in 'chain-hopping,' a method of laundering cryptocurrency by moving funds through multiple digital currencies to obscure the origin of the payments.
The investigation was led by the FBI's Charlotte and Baltimore field offices, with assistance from the Department of Justice's Criminal Division and National Security Division. Matthew R. Galeotti, head of the Justice Department's Criminal Division, stated that the attacks caused 'tens of millions of dollars in losses and disrupted essential public services.'
Gholinejad was arrested in January 2025 at Raleigh-Durham International Airport. The indictment, initially sealed, was made public following his guilty plea. While the Department of Justice has not alleged direct state sponsorship in this case, U.S. officials have previously linked some Iranian cyber groups to government-backed entities. Iran has denied involvement in state-sponsored cyberattacks targeting U.S. infrastructure.