Iranian national pleads guilty in international Robbinhood ransomware scheme


Daniel P. Bubar Acting United States Attorney for the Eastern District of North Carolina | U.S. Attorney for the Eastern District of North Carolina

An Iranian national, Sina Gholinejad, has admitted to his involvement in a global ransomware and extortion scheme using the Robbinhood ransomware. The scheme targeted various entities across the United States, including cities and healthcare organizations, leading to significant disruptions and financial losses.

Court documents reveal that Gholinejad, aged 37, along with his co-conspirators, infiltrated computer networks of several U.S. entities and encrypted their files using the Robbinhood ransomware. This cyberattack caused tens of millions in losses, notably affecting the City of Greenville in North Carolina and Baltimore in Maryland. Baltimore suffered over $19 million in damages due to disruptions in essential city services like property tax processing and water bill payments.

Matthew R. Galeotti from the Justice Department's Criminal Division commented on the impact of these attacks: "Gholinejad and his co-conspirators — all of whom were overseas — caused tens of millions of dollars in losses and disrupted essential public services by deploying the Robbinhood ransomware against U.S. cities, health care organizations, and businesses."

Acting U.S. Attorney Daniel P. Bubar emphasized the real-world impact of such cybercrimes: “Cybercrime is not a victimless offense—it is a direct attack on our communities.” He highlighted that this case serves as a reminder that cybercriminals will be prosecuted regardless of their location.

The FBI's Acting Special Agent in Charge James C. Barnacle Jr. noted the sophisticated methods used by these actors: “These ransomware actors leveraged sophisticated tools and tradecraft to harm innocent victims in the United States.”

Since January 2019, Gholinejad has been involved in unauthorized access to victim networks where he deployed ransomware to encrypt files and demanded Bitcoin ransoms for decryption keys. The conspirators attempted to obscure their activities through cryptocurrency mixing services known as chain-hopping.

Gholinejad pleaded guilty to charges including computer fraud and conspiracy to commit wire fraud. He could face up to 30 years imprisonment upon sentencing later this year.

The announcement was made by Daniel P. Bubar after Chief U.S. District Judge Richard E. Myers II accepted Gholinejad’s plea agreement. The Federal Bureau of Investigation is investigating the case, while Assistant U.S. Attorney Brad DeVoe, alongside Senior Counsels Aarash Haghighat and Ryan R.J. Dickey, is prosecuting it with support from Alexandra Cooper-Ponte, among others.

The Justice Department’s Office of International Affairs aided significantly in evidence collection for this case.

Further information on protecting networks against ransomware threats can be found at StopRansomware.gov, and related court documents are available on PACER under Case No. 4:24-CR-16.