In a significant victory for law enforcement, an Iranian man has pleaded guilty to his role in the notorious Robbinhood ransomware attacks that wreaked havoc on U.S. cities, including Baltimore and Greenville.
Sina Gholinejad, a 36-year-old Iranian national, admitted to his involvement in the cybercrime scheme, which caused widespread disruptions and over $19 million in damages to Baltimore alone. The attack targeted key services such as billing and citations, leaving officials scrambling to respond.
In May 2019, for the second time that year, the systems of the city of Baltimore were hit by a ransomware attack, forcing officials to shut down a majority of them. The attack impacted multiple services, including online payment portals for water bills and property taxes.
"The ransomware attack against the City of Baltimore forced the city to take hundreds of computers offline and prevented the city from performing basic functions for months," said Matthew R. Galeotti, Head of the Justice Department's Criminal Division. "Gholinejad and his co-conspirators caused tens of millions of dollars in losses and disrupted essential public services by deploying the Robbinhood ransomware against U.S. cities, healthcare organizations, and businesses."
Gholinejad and his co-conspirators used sophisticated tools and tradecraft to hack into U.S. networks, steal data, and deploy Robbinhood ransomware to demand Bitcoin ransoms. They laundered payments using crypto mixers and chain-hopping, while masking their identities with VPNs and private servers.
"These ransomware actors leveraged sophisticated tools and tradecraft to harm innocent victims in the United States, all while believing they could conduct their illegal activities safely from overseas," said Acting Special Agent in Charge James C. Barnacle Jr. of the FBI's Charlotte Field Office. "This case demonstrates the capability and resolve of the FBI and our partners to find and impose consequences on cybercriminals no matter where they attempt to hide."
Gholinejad pleaded guilty to computer fraud and wire fraud conspiracy and faces up to 30 years in prison. His sentencing is set for August.
"There will be no impunity for these destructive attacks," said Galeotti, emphasizing the Justice Department's commitment to bringing cybercriminals who target our cities, healthcare system, and businesses to justice, regardless of their location.
As the FBI continues to combat cybercrime, this case serves as a reminder that law enforcement agencies will not tolerate such malicious activities and will work tirelessly to bring perpetrators to justice.