Iranian Hacker Pleads Guilty in Major Ransomware Case Involving Robbinhood Scheme

An Iranian national, Sina Gholinejad, has pleaded guilty in a U.S. court for his role in a sophisticated international ransomware and extortion scheme that utilized the notorious Robbinhood ransomware. Gholinejad, 37, along with his accomplices, is accused of infiltrating the computer networks of numerous organizations across the United States, encrypting vital files, and demanding ransom payments in Bitcoin.

Arrested in January 2025 in North Carolina, Gholinejad faces serious charges, including one count of computer fraud and abuse and another for conspiracy to commit wire fraud. The charges stem from attacks that reportedly caused significant disruptions, with losses reaching tens of millions of dollars. Gholinejad is scheduled to be sentenced in August 2025, with a possible maximum penalty of 30 years behind bars.

The U.S. Department of Justice highlighted the severe impact of these cyber attacks, noting that cities like Greenville, North Carolina, and Baltimore, Maryland, suffered extensive damage. In particular, Baltimore incurred losses exceeding $19 million, and critical city services, including the processing of property taxes and water bills, were severely disrupted for months.

Court documents reveal that Gholinejad and his associates maintained unauthorized access to targeted networks from January 2019 to March 2024. This allowed them to siphon sensitive information to servers they controlled while deploying ransomware to cripple operations. The criminal proceeds were then laundered through cryptocurrency mixing services and a method known as chain-hopping, which concealed their identities by moving assets across various cryptocurrencies.

The Robbinhood ransomware strain notoriously exploited vulnerabilities in legitimate drivers to carry out its attacks, causing chaos across numerous sectors. Acting U.S. Attorney Daniel P. Bubar described the impact of Gholinejad’s actions as deeply harmful, stressing that cybercrime represents a direct assault on communities, ultimately affecting lives and local government operations.

The ongoing investigation underscores the seriousness with which U.S. authorities are treating ransomware crimes, as they continue to combat rising cyber threats.