Stratos Ally

Robbinhood Ransomware Case Sees Major Break as Hacker Pleads Guilty


StratosAlly


An Iranian man has pleaded guilty in a U.S. court to his involvement in a worldwide extortion campaign tied to the Robbinhood ransomware.

Sina Gholinejad, also known as Sina Ghaaf, age 37, and his partners hacked into the computer systems of several organizations in the U.S. They used the Robbinhood ransomware to lock files and then demanded Bitcoin payments to unlock them. 

Gholinejad was arrested in North Carolina in January and has pleaded guilty to charges of computer fraud. He could be sent to prison for up to 30 years and will be sentenced in August 2025. 

The U.S. Department of Justice (DOJ) said that these cyberattacks caused serious disruptions and resulted in financial losses totaling millions of dollars. Among the affected were Greenville, North Carolina, and the City of Baltimore, Maryland. 

In Baltimore’s situation, the attack hit hard, costing the city over $19 million after crippling its IT systems. The attack disrupted multiple critical public services, including online systems for property tax payments, water billing, parking citations, and other revenue-related operations, which remained offline for several months.

According to court filings, Gholinejad and his associates gained unauthorized access to victims’ networks between January 2019 and March 2024. During that period, they exfiltrated sensitive data to virtual private servers they controlled and later deployed a ransomware strain to lock down the compromised systems. 

The proceeds from the ransomware attacks were laundered using cryptocurrency mixing services and by switching funds between different cryptocurrencies, a method called chain-hopping. The attackers also hid their identities and activities by using VPNs and remote servers.

The Robbinhood ransomware group was known for using a tactic called Bring Your Own Vulnerable Driver (BYOVD). They loaded a legitimately signed but vulnerable Gigabyte driver (gdrv.sys) to escalate their privileges on a system and disable its security protections.
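The BYOVD tactic described above can be checked for from the defender's side. The following PowerShell script is an added example, not part of the article or of the DOJ case file; it assumes an elevated session on a Windows host, uses the driver name gdrv.sys from the article as its only indicator, and all function and variable names are this example's own choices. It reports whether Microsoft's vulnerable driver blocklist is enforced, lists any registered kernel driver whose path ends in a suspect name together with its signature status, and searches System event 7045 (new service installed) for recent kernel-mode driver installs that reference a suspect name.

```powershell
# Added example (not from the article): defensive BYOVD checks on a Windows host.
# Assumptions: run elevated; $SuspectDrivers starts with the driver the article names.

$SuspectDrivers = @('gdrv.sys')   # extend with names from Microsoft's vulnerable driver blocklist

function Test-VulnerableDriverBlocklist {
    # On current Windows builds the blocklist switch lives under CI\Config; a value of 1
    # means the Microsoft vulnerable driver blocklist is enforced.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $val = (Get-ItemProperty -Path $key -Name VulnerableDriverBlocklistEnable `
                -ErrorAction SilentlyContinue).VulnerableDriverBlocklistEnable
    [pscustomobject]@{
        Check   = 'VulnerableDriverBlocklistEnable'
        Value   = $val
        Enabled = ($val -eq 1)
    }
}

function Find-SuspectLoadedDriver {
    # Win32_SystemDriver lists kernel drivers registered as services; State shows whether
    # the driver is currently loaded. Match on the file name at the end of PathName.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $p = $_.PathName; $SuspectDrivers | Where-Object { $p -like "*$_" } } |
        ForEach-Object {
            $sig = if (Test-Path $_.PathName) { Get-AuthenticodeSignature -FilePath $_.PathName } else { $null }
            [pscustomobject]@{
                Name      = $_.Name
                Path      = $_.PathName
                State     = $_.State
                StartMode = $_.StartMode
                Signer    = $sig.SignerCertificate.Subject   # a valid OEM signature is expected in BYOVD
                SigStatus = $sig.Status
            }
        }
}

function Find-DriverServiceInstallEvent {
    param([int]$Days = 30)
    # System event 7045 is written when a new service is installed; kernel drivers appear
    # with "kernel mode driver" as the service type in the message body.
    $filter = @{ LogName = 'System'; Id = 7045; StartTime = (Get-Date).AddDays(-$Days) }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        if ($e.Message -match 'kernel mode driver') {
            $hit = $SuspectDrivers | Where-Object { $e.Message -like "*$_*" }
            if ($hit) {
                [pscustomobject]@{ Time = $e.TimeCreated; Message = $e.Message }
            }
        }
    }
}

# Run all three checks and print the results.
Test-VulnerableDriverBlocklist | Format-List
Find-SuspectLoadedDriver       | Format-Table -AutoSize
Find-DriverServiceInstallEvent -Days 30 | Format-List
```

A hit from Find-SuspectLoadedDriver with SigStatus Valid is the expected shape of a BYOVD case: the driver is genuine and correctly signed, which is exactly why it loads, so the blocklist and the install-event history matter more than the signature check alone.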

“Cybercrime has a real victim and real consequences. It impacts our communities directly,” stated Daniel P. Buba, the Acting U.S. Attorney for the Eastern District of North Carolina. “Gholinejad and his partner ran a ransomware operation that caused major disruptions to people, businesses, and local governments, leading to tens of millions of dollars in losses.”
