WILMINGTON, N.C. (AP) — An Iranian national pleaded guilty on Tuesday in North Carolina federal court for his role in a ransomware and extortion operation that prosecutors say targeted computer networks for Baltimore and other U.S. cities, a scheme that led to work disruptions and financial losses.
Sina Gholinejad, 37, pleaded guilty to one count of computer fraud and abuse and one count of conspiracy to commit wire fraud, according to a U.S. Department of Justice news release. A plea hearing for Gholinejad had been scheduled for Tuesday morning before U.S. District Judge Richard Myers in Wilmington. Gholinejad faces a maximum of 30 years in prison, with a sentencing hearing set for August, the release said.
The Justice Department said court documents and statements made in court show Gholinejad and unidentified coconspirators caused cyberattacks in which they encrypted files on the targeted networks with the RobbinHood ransomware variant to extort ransom payments. Attack recipients included city governments of Greenville, North Carolina in April 2019, and of Baltimore a month later. Corporations and other entities were targeted.
Baltimore officials at the time of the attack said hackers had demanded the city pay the equivalent of $76,000 in bitcoin, which city leaders refused to pay. The city lost more than $19 million from damage to its network and resulting disruption to city services for months, including online processing of property taxes, water bills and parking citations, the news release said. Conspirators used the damage to threaten subsequent victims, according to prosecutors. Other cities targeted included Gresham, Oregon, and Yonkers, New York.
“These ransomware actors leveraged sophisticated tools and tradecraft to harm innocent victims in the United States, all while believing they could conduct their illegal activities safely from overseas,” said Acting Special Agent in Charge James Barnacle Jr. of the FBI’s Charlotte Field Office, which helped investigate the case.
According to the government, Gholinejad and coconspirators began cyberattacks in January 2019 by accessing victim computer networks and copying information from the infected networks to private servers they controlled.
Gholinejad had been accused of seven criminal counts in an April 2024 sealed indictment now made public by the Justice Department. Myers unsealed the case on Tuesday, although the plea agreement documents remained inaccessible, according to the defendant's online case file.
Acting U. S. Attorney Daniel Bubar for the Eastern District of North Carolina, whose office prosecuted the case, said “cybercrime is not a victimless offense — it is a direct attack on our communities.” The FBI's Baltimore office and the National Security Cyber Section of the U.S. Justice Department's National Security Division also participated in pursuing the case.
Through an email, Gholinejad's federal public defender declined comment on Monday.
The Associated Press
