In-depth: Iranian Pleads Guilty to 2019 Baltimore Ransomware Attack

On Tuesday, the Department of Justice announced that an Iranian national has pleaded guilty to participating in the infamous 2019 Baltimore ransomware attack, which caused widespread disruption and financial losses for the city. Sina Gholinejad, a 37-year-old Iranian national, faces a maximum sentence of 30 years in prison for his role in the high-profile cyberattack.

According to court records, Gholinejad was arrested on January 10, 2025, at Raleigh-Durham International Airport. The circumstances surrounding his arrest remain unclear, as the assistant federal public defender assigned to his case declined to comment on the matter.

The Ransomware Attacks

Gholinejad and his unnamed co-conspirators were behind a string of ransomware attacks using the Robbinhood ransomware variant. The attacks began in January 2019 and continued through March 2024. They targeted the computer networks of cities and other organizations across the United States, including Gresham, Oregon; Yonkers, New York; Greenville, North Carolina; the Glenn-Colusa Irrigation District in California; and the nonprofit Berkshire Farm Center and Services for Youth, based in New York.

One of the most notable attacks was the Baltimore ransomware attack, which began on May 7, 2019. The city suffered significant damage to its computer networks and disruption to various services, including the processing of property taxes, water bills, parking citations, and other revenue-generating functions. The total cost of the attack was estimated at over $19 million.

The Iranian Connection

While the Department of Justice did not allege a state-backed connection in this case, U.S. authorities have warned of Iranian government hacking groups targeting U.S. critical infrastructure and private-sector entities. In recent years, Iranian-linked hackers have also targeted U.S. critical infrastructure while posing as ostensibly independent personas.

For example, in November 2023, a group called Cyber Av3ngers defaced water treatment equipment in Aliquippa, Pennsylvania. The U.S. government later tied the group to the Iranian Islamic Revolutionary Guard Corps. Iran has denied targeting entities in the U.S. with cyberattacks.

The Consequences

Gholinejad's guilty plea carries a maximum sentence of 30 years in prison for his role in the ransomware attacks. The Department of Justice statement noted that his actions caused significant financial losses and disruption to services, highlighting the growing threat posed by state-backed hacking groups.

As the U.S. government continues to combat cyber threats from foreign actors, it is essential to understand the tactics and techniques used by these groups. This case serves as a reminder of the importance of cybersecurity awareness and the need for vigilance in protecting against such attacks.

Conclusion

The plea deal announced on Tuesday marks another milestone in the ongoing efforts to hold accountable those responsible for high-profile cyberattacks. As the threat landscape continues to evolve, it is crucial that law enforcement agencies and cybersecurity experts work together to stay one step ahead of these groups.