Iranian national in US pleads guilty in Baltimore ransomware attack

An Iranian national has pleaded guilty to charges linked to a ransomware campaign that targeted multiple US cities, including a 2019 cyberattack that crippled services in Baltimore, Maryland, the Department of Justice (DOJ) said on Tuesday.

Sina Gholinejad, 37, admitted to one count of computer fraud and abuse and one count of conspiracy to commit wire fraud. He faces a maximum sentence of 30 years in prison. His sentencing is scheduled for August.

According to court documents, Gholinejad and co-conspirators used the Robbinhood ransomware to breach and encrypt files on the networks of municipalities, health care providers, and nonprofit organizations across the United States between January 2019 and March 2024.

Victims included the cities of Greenville, Gresham, Yonkers, and Baltimore, which alone incurred more than $19 million in damages and lost services.

The attacks rendered city systems offline for months, disrupting essential functions such as water billing, property tax collection, and parking enforcement. Prosecutors said the group demanded Bitcoin payments in exchange for decryption keys and sometimes threatened to publish stolen data.

No state affiliation of the case has been made by the DOJ, but US authorities have previously warned of cyber threats from Iranian state-linked groups. Iran has denied targeting US entities with cyberattacks.

Gholinejad was arrested on January 10, 2025, at Raleigh-Durham International Airport.

The FBI led the investigation, with assistance from Bulgarian authorities.