Iranian Foreign National Involved in Robbinhood Ransomware Attacks Admits Guilt - U.S. Department of Justice (DOJ)

Iranian Foreign National Involved in Robbinhood Ransomware Attacks Admits Guilt - U.S. Department of Justice (DOJ)

U.S. Department of Justice Charges Iranian Man for Masterminding Robbinhood Ransomware Scam

A 37-year-old Iranian national, Sina Gholinejad, has admitted to leading a ransomware scheme that disrupted multiple U.S. cities and resulted in significant financial losses. According to the U.S. Department of Justice, more than tens of millions of dollars were extorted from victims through the implementation of Robbinhood ransomware [1][3][5].

The cyberattacks, which took place in January 2019, saw Gholinejad and his accomplices gain unauthorized access to computers, steal sensitive data, and encrypt files using the Robbinhood malware in exchange for cryptocurrency. The group then laundered the stolen funds using crypto mixing services and advanced identity-concealing techniques [1][3][5].

Cities hit by the cyberattacks included Baltimore, Greenville (North Carolina), Yonkers (New York), and Gresham (Oregon) [1][3][5]. The attacks severely disrupted the affected cities' functionality for several months [1].

In a press release, Matthew R. Galeotti, Head of the Justice Department's Criminal Division, stated, "The ransomware attack on the City of Baltimore forced the city to take hundreds of computers offline and prevented the city from performing basic functions for months. Gholinejad's conviction reflects the Criminal Division's commitment to bringing cybercriminals who target our cities, healthcare system, and businesses to justice no matter where they are located. There will be no impunity for these destructive attacks."

Gholinejad is due to be sentenced in August 2025 and faces a maximum penalty of 30 years in prison [1][3][5]. The case underscores the U.S. government's determination to prosecute cybercriminals responsible for attacking public institutions regardless of their location.

[1] U.S. Department of Justice press release, "Iranian Man Charged with Leading Ransomware Campaign that Extorted Millions from Targeted Cities," May 29, 2025. (https://www.justice.gov/opa/pr/iranian-man-charged-leading-ransomware-campaign-extorted-millions-targeted-cities)

[3] Cointelegraph, "Iranian Man Accused of Leading Ransomware Attack Pleads Guilty," May 29, 2025. (https://cointelegraph.com/news/iranian-man-accused-of-leading-ransomware-attack-pleads-guilty)

[5] The Daily Hodl, "Iranian Man Pleads Guilty to Leading Robbinhood Ransomware Scam," May 29, 2025. (https://blocnews.app/iranian-man-pleads-guilty-to-leading-robbinhood-ransomware-scam-25-may-2025/)

Gholinejad used cryptocurrency to launder the funds stolen during the Robbinhood ransomware attacks. The FBI's investigation into the case revealed that the attacker also accepted payments in altcoins besides Bitcoin.

Read also: