The City of Baltimore faced a significant ransomware attack in May 2019, which disrupted its IT systems for weeks. The attack involved the deployment of Robbinhood ransomware, which encrypted files and demanded Bitcoin ransoms in return for a decryptor. The attackers used administrator accounts or vulnerabilities to access the network and deployed the ransomware manually. The incident gained notoriety due to its prolonged impact on the city's operations. The attackers also used a legitimate but vulnerable Gigabyte driver to turn off antivirus software, allowing the ransomware to operate without interference.
TPRM report: https://scoringcyber.rankiteo.com/company/city-of-baltimore
"id": "cit1046052825",
"linkid": "city-of-baltimore",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Government',
                        'location': 'Baltimore, MD',
                        'name': 'Baltimore',
                        'type': 'City'},
                       {'industry': 'Government',
                        'location': 'Greenville, NC',
                        'name': 'Greenville',
                        'type': 'City'},
                       {'industry': 'Government',
                        'location': 'Gresham, OR',
                        'name': 'Gresham',
                        'type': 'City'},
                       {'industry': 'Government',
                        'location': 'Yonkers, NY',
                        'name': 'Yonkers',
                        'type': 'City'},
                       {'industry': 'Healthcare',
                        'name': 'Meridian Medical Group',
                        'type': 'Healthcare Provider'},
                       {'industry': 'Nonprofit',
                        'name': 'Berkshire Farm Center',
                        'type': 'Nonprofit Organization'}],
 'attack_vector': ['administrator accounts', 'vulnerabilities'],
 'data_breach': {'data_encryption': True, 'data_exfiltration': True},
 'date_detected': 'January 2019',
 'description': 'An Iranian national, Sina Gholinejad, pleaded guilty to '
                'participating in the Robbinhood ransomware operation, which '
                'targeted U.S. cities and organizations to extort millions of '
                'dollars over a five-year span.',
 'impact': {'data_compromised': True,
            'downtime': True,
            'operational_impact': True,
            'systems_affected': True},
 'initial_access_broker': {'entry_point': ['administrator accounts',
                                           'vulnerabilities']},
 'motivation': 'Financial gain',
 'ransomware': {'data_encryption': True,
                'data_exfiltration': True,
                'ransom_demanded': True,
                'ransomware_strain': 'Robbinhood'},
 'references': [{'source': 'BleepingComputer'}],
 'response': {'law_enforcement_notified': True},
 'threat_actor': ['Sina Gholinejad', 'Sina Ghaaf'],
 'title': 'Robbinhood Ransomware Operation',
 'type': 'Ransomware',
 'vulnerability_exploited': ['Gigabyte driver (gdrv.sys)']}