An Iranian man who used Robbinhood ransomware to extort millions from governments and organisations in the US pleaded guilty on Tuesday in a North Carolina court.

According to the US Department of Justice, Sina Gholinejad, 37, pleaded guilty to one count of computer fraud and abuse, and one count of conspiracy to commit wire fraud.

Ransomware is a type of malware that is designed to deny users, businesses or organisations access to their data stored on computers or servers. In a ransomware attack, data is often encrypted and criminals demand payment for the decryption key.

A warrant was issued for Sina Gholinejad in 2024, and he was arrested almost one year later in North Carolina.

“Gholinejad and his co-conspirators — all of whom were overseas — caused tens of millions of dollars in losses and disrupted essential public services by deploying the Robbinhood ransomware against US cities, healthcare organisations and businesses,” said Matthew Galeotti, head of the US Justice Department’s criminal division.

Prosecutors added that after Gholinejad and his co-conspirators would lock access to victims' files and hardware, they would often extort payments in the Bitcoin and then launder that money through cryptocurrency mixing services.

The Justice Department said in 2019 that the government of Maryland's capital Baltimore was left reeling for months due to ransomware used by Gholinejad. It ultimately lost more than $19 million from the damage to the city's computer networks “and the resulting disruption to several essential city services, including online services for processing property taxes, water bills, parking citations and other revenue-generating functions”.

The indictment said that Gholinejad’s ransomware attacks began and 2019, and lasted until early 2025.

Although he is unlikely to face the maximum penalty, the US Justice Department says Sina Gholinejad could face up to 30 years in prison.

Although many of the court documents surrounding the investigation of his crimes remain sealed, several that have been opened show that an arrest warrant was issued for Gholinejad in 2024, and that he was apprehended in North Carolina this year.

Gholinejad is scheduled to be sentenced in August.

According to a new data breach report from Verizon, there has been a significant growth in threats from ransomware in recent years.

There is a silver lining, however: the median amount paid to ransomware groups decreased to about $115,000, compared to $150,000 in the year before.

Another bright spot, according to the report, was that 64 per cent of ransomware victims did not pay the ransom.

Forty-four per cent of ransomware victims, according to Verizon, were local US governments, but similar bodies and municipalities in Europe, the Middle East and Africa have been affected.

