Iranian hacker admits role in Baltimore ransomware attack

Instead of attacking private firms, the group behind the ransomware campaign targeted cities, hospitals and charities, demanding Bitcoin and threatening to leak stolen data.
An Iranian national has admitted to using Robbinhood ransomware to cripple services in US cities, including Baltimore, which suffered over $19 million in damages.

An Iranian man has pleaded guilty to charges stemming from a ransomware campaign that disrupted public services across several US cities, including a major 2019 attack in Baltimore.

The US Department of Justice announced that 37-year-old Sina Gholinejad admitted to computer fraud and conspiracy to commit wire fraud, offences that carry a maximum combined sentence of 30 years.

Rather than targeting private firms, Gholinejad and his accomplices deployed Robbinhood ransomware against local governments, hospitals and non-profit organisations from early 2019 to March 2024.

The attack on Baltimore alone resulted in over $19 million in damage and halted critical city functions such as water billing, property tax collection and parking enforcement.

Instead of simply locking data, the group demanded Bitcoin ransoms and occasionally threatened to release sensitive files. Cities including Greenville, Gresham and Yonkers were also affected.

Although no state affiliation has been confirmed, US officials have previously warned of cyber activity tied to Iran, allegations Tehran continues to deny.

Gholinejad was arrested at Raleigh-Durham International Airport in January 2025. The FBI led the investigation, with support from Bulgarian authorities. Sentencing is scheduled for August.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!