In a new breakthrough in the war against cybercrime, 37-year-old Iranian-born Sina Gholinejad pleaded guilty Tuesday in a U.S. federal court to the charges stemming from the crippling 2019 Robbinhood ransomware attack on Baltimore city. The assault disabled critical city services for months and cost the city more than $19 million.
Gholinejad pleaded guilty to one count of computer fraud and abuse and one count of conspiracy to commit wire fraud. Gholinejad, and his unindicted co-conspirators, used malicious cyber tools to conduct attacks, which began in January 2019 against the computer networks of several organizations in the United States, including city governments, municipalities, financial institutions, banks, and companies, according to court documents. They used the Robbinhood ransomware to lock up victims’ files and extort payments in Bitcoin.
May 2019’s cyber attack against Baltimore was among the most crippling, effectively taking offline the city’s ability to collect property taxes, water bills and parking citations for weeks. The city refused to pay the ransom and incurred a long and expensive recovery of the more than $19 million that officials estimate it cost.
Prosecutors noted that Gholinejad, along with others, used the publicity from the Baltimore attack to demand money from later victims. Other cities hard hit by the Robbinhood ransomware, the paper said, included Greenville, North Carolina; Gresham, Oregon; and Yonkers, New York.
“Gholinejad and his co-conspirators, who resided abroad, inflicted tens of millions of dollars in losses and harm to vital public services by using the Robbinhood ransomware to hold for ransom U.S. cities, health-care facilities, and businesses,” said Matthew R. Galeotti, Assistant Acting Head of the Justice Department’s Criminal Division.
The city of Baltimore was hit with a devastating ransomware attack that took hundreds of computers offline and disabled the city from performing basic functions for months.
Gholinejad was arrested in January 2025 in North Carolina. The F.B.I. conducted the investigation with the help of Bulgarian authorities. He could receive a sentence of up to 30 years in prison. He faces an August sentencing hearing.
This guilty plea is an important milestone in our efforts to bring to justice international cybercriminals who victimize American citizens and businesses from afar, causing severe financial and operational harm to U.S. communities.
