A key figure behind one of the most notorious ransomware crews targeting U.S. cities and institutions has pleaded guilty in federal court. Iranian national Sina Gholinejad admitted on Tuesday that he helped operate the Robbinhood ransomware gang esponsible for paralyzing city governments, hospitals, and private businesses across the country. Gholinejad and iranian man, pleaded guilty to charges of computer fraud and conspiracy to commit wire fraud.
Prosecutors say he and unnamed associates broke into dozens of networks, encrypted critical data, and demanded hefty Bitcoin ransoms in exchange for restoring access. His sentencing is scheduled for August, and he could face up to 30 years in prison.
Robbinhood’s 2019 Attack on Baltimore Made Headlines
Robbinhood’s most infamous strike came in May 2019, when it brought Baltimore’s city government to a standstill. The ransomware attack forced officials to shut down hundreds of computers, disabling online payment systems for water bills, parking fines, and property taxes. The fallout was severe—Baltimore spent over $19 million on recovery and lost revenue.
Beyond Baltimore, Robbinhood also hit organizations in North Carolina, Oregon, New York, and New Jersey. According to court documents, the group operated like a modern ransomware-as-a-service operation. Victims received ransom notes that directed them to Tor-based negotiation portals and were instructed to pay in Bitcoin.
How Robbinhood Hid Its Tracks
After collecting ransoms, the crew used coin mixers and alternative cryptocurrencies to obscure the funds’ origins. They layered these transactions with VPN services to further mask their identities and avoid detection. The Justice Department said this sophisticated laundering method helped them stay hidden while carrying out repeated attacks.
U.S. Attorney Daniel Bubar emphasized the real-world consequences of digital extortion: “Cybercrime is not a victimless offense. It is a direct attack on our communities. Gholinejad and his co-conspirators orchestrated a ransomware scheme that disrupted lives, businesses, and local governments, resulting in losses of tens of millions of dollars.”
The Robbinhood case highlights how international cybercriminals can wreak havoc on everyday services—from city hall to hospital systems. It also underlines the growing need for global cooperation, stronger cybersecurity defenses, and policies that address both the technical and financial layers of ransomware attacks.
With Gholinejad’s conviction, U.S. authorities have taken a key step in holding global cybercriminals accountable. But the case also serves as a warning: ransomware threats are evolving fast, and local governments remain a prime target.
