A 37-year-old Iranian national pleaded guilty in a US court for his role in a widespread ransomware and extortion scheme that crippled city governments, corporations, and healthcare providers across the United States.
Sina Gholinejad admitted to participating in the deployment of the Robbinhood ransomware variant, which encrypted victims’ files and demanded Bitcoin payments in exchange for decryption keys. The attacks, which began in early 2019, resulted in tens of millions of dollars in damages.
According to court documents and statements made during the plea hearing, Gholinejad and unnamed co-conspirators infiltrated the computer systems of targeted organizations, stealing sensitive information and holding critical data hostage. The Robbinhood ransomware was then used to encrypt victims’ files, severely disrupting operations. In Baltimore alone, the cyberattack caused over $19 million in damages and shut down essential city services for months, including systems for property tax payments, water billing, and other municipal revenue functions.
Federal prosecutors revealed that the group weaponized the damage inflicted on high-profile targets to pressure future victims into paying ransoms. Victims were often left with little choice, as the attackers made clear that failure to pay would result in permanent data loss and public exposure.
The investigation uncovered that Gholinejad and his co-conspirators laundered the illicit Bitcoin payments using cryptocurrency mixing services and a tactic known as “chain-hopping,” moving funds between various digital assets to obscure their origins. To further hide their identities, the group relied on virtual private networks (VPNs) and remote servers they controlled.
Gholinejad pleaded guilty to one count of computer fraud and abuse and one count of conspiracy to commit wire fraud. He faces a maximum sentence of 30 years in federal prison. Sentencing is scheduled for August.