An Iranian man has pleaded guilty to using Robbinhood ransomware to extort millions from governments and organisations in the US.
Sina Gholinejad, 37, admitted computer fraud and abuse and conspiracy to commit wire fraud during a hearing in a North Carolina court.
Ransomware is a type of malware designed to deny users, businesses or organisations access to their data stored on computers or servers. In a ransomware attack, data is often encrypted, and criminals demand payment for the decryption key.
Gholinejad could face as much as 30 years in prison.
“Gholinejad and his co-conspirators — all of whom were overseas — caused tens of millions of dollars in losses and disrupted essential public services by deploying the Robbinhood ransomware against US cities, healthcare organisations and businesses,” said Matthew Galeotti, head of the US Justice Department’s criminal division.
Prosecutors said that after Gholinejad and his co-conspirators would lock access to victims' files and hardware, they would often extort payments in the Bitcoin and then launder that money through cryptocurrency mixing services.
The Justice Department said in 2019 that the government of Maryland's capital Baltimore was left reeling for months due to ransomware used by Gholinejad. It ultimately lost more than $19 million from the damage to the city's computer networks “and the resulting disruption to several essential city services, including online services for processing property taxes, water bills, parking citations and other revenue-generating functions”.
The indictment said that Gholinejad’s ransomware attacks began and 2019, and lasted until early 2025.
Although many of the court documents surrounding the investigation of his crimes remain sealed, several that have been opened show that an arrest warrant was issued for Gholinejad in 2024, and that he was apprehended in North Carolina this year.
Gholinejad is scheduled to be sentenced in August.
According to a new data breach report from Verizon, there has been a significant growth in threats from ransomware in recent years.
There is a silver lining, however: the median amount paid to ransomware groups decreased to about $115,000, compared to $150,000 in the year before.
Another bright spot, according to the report, was that 64 per cent of ransomware victims did not pay the ransom.
Forty-four per cent of ransomware victims, according to Verizon, were local US governments, but similar bodies and municipalities in Europe, the Middle East and Africa have been affected.
