The Iranian hacker used ransomware software, Robbinhood, to steal millions.
An Iranian national has pleaded guilty to involvement in an international ransomware and extortion scheme that involved the Robbinhood ransomware software.
Sina Gholinejad pleaded guilty on May 27th, along with co-conspirators, for compromising networks of cities, corporations, health care organizations, and other entities in the United States. After hacking into these networks, Gholinejad and his accomplices used the Robbinhood ransomware variant to encrypt the files and extort payments.
The attacks caused significant disruptions in cities like Greenville, North Carolina, and the City of Baltimore, Maryland. According to the Department of Justice, “Baltimore lost more than $19 million from the damage caused to their computer networks and the resulting disruption of several essential city services, including online services for processing property taxes, water bills, parking citations, and other revenue-generating functions, which lasted many months.”
According to court documents, Gholinejad infiltrated and accessed victim networks between January 2019 and March 2024. After that date, the group copied the information to virtual private servers under their control and deployed the ransomware.
Gholinejad demanded organizations pay a Bitcoin ransom in order to have the data released. He has now pleaded guilty to one count of computer fraud and abuse and one count of conspiracy to commit wire fraud. He faces a maximum penalty of 30 years in prison and is scheduled for sentencing in August.
The acting U.S. Attorney Daniel P. Bubar of the Eastern District of North Carolina said, "Cybercrime is not a victimless offense – it is a direct attack on our communities, as seen in this case. Gholinejad and his co-conspirators orchestrated a ransomware scheme that disrupted lives, businesses, and local governments, and resulted in losses of tens of millions of dollars from unsuspecting victims and institutions."
This incident uniquely shows ransomware attacks can impact entire cities rather than just individual residents. Although this attack may not lead to residents having their data leaked, it did lead to significant operational disruptions which could impact city budgets or services in the future.
Although Gholinejad is an Iranian national, there is no evidence that this attack was state-sanctioned or driven.
In this case, the incident was harmful because it directly impacted essential city operations, like water billing which led to lost revenue for cities. Consumers may not directly feel the impact, but loss of revenue can impact government jobs, programs, and more.