City of Baltimore

The City of Baltimore fell victim to a **RobbinHood ransomware attack** in **May 2019**, orchestrated by Iranian national **Sina Gholinejad** and his co-conspirators. The attack crippled municipal operations by forcing hundreds of government computers offline, halting essential services for **months**. While the hackers demanded a **$76,000 ransom**, Baltimore officials refused to pay. The incident resulted in **$19 million in damages**, disrupting revenue-generating functions like property transactions, utility billing, and public service operations. Critical systems—including email, payment portals, and emergency response tools—were paralyzed, severely impairing the city’s ability to function. The attack also served as a **psychological extortion tactic**, with hackers threatening other U.S. local governments with similar consequences if they resisted ransom demands. Beyond financial losses, the prolonged outage eroded public trust and exposed vulnerabilities in the city’s cybersecurity infrastructure. The case underscored the escalating threat of **state-affiliated cybercriminals targeting public institutions** to maximize chaos and profit.

Source: https://therecord.media/iranian-years-decades-guilty-ransomware

TPRM report: https://www.rankiteo.com/company/city-of-baltimore

"id": "cit5853358112825",
"linkid": "city-of-baltimore",
"type": "Ransomware",
"date": "5/2019",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"
{'affected_entities': [{'industry': 'Public Administration',
                        'location': 'Baltimore, Maryland, USA',
                        'name': 'City of Baltimore',
                        'type': 'Municipal Government'},
                       {'industry': 'Public Administration',
                        'location': 'Greenville, North Carolina, USA',
                        'name': 'City of Greenville',
                        'type': 'Municipal Government'},
                       {'industry': 'Public Administration',
                        'location': 'Gresham, Oregon, USA',
                        'name': 'City of Gresham',
                        'type': 'Municipal Government'},
                       {'industry': 'Public Administration',
                        'location': 'Yonkers, New York, USA',
                        'name': 'City of Yonkers',
                        'type': 'Municipal Government'},
                       {'location': 'USA',
                        'name': 'Unnamed U.S. healthcare organizations and '
                                'businesses',
                        'type': ['Healthcare', 'Private Sector']}],
 'data_breach': {'data_encryption': True},
 'date_detected': '2019-05',
 'description': 'Iranian national Sina Gholinejad, 37, pleaded guilty to '
                'deploying the Robbinhood ransomware variant against multiple '
                'U.S. cities, including Baltimore, Greenville (NC), Gresham '
                '(OR), and Yonkers (NY). The attacks caused tens of millions '
                'in financial losses, disrupted essential public services, and '
                'extorted victims for Bitcoin ransoms. Baltimore refused to '
                'pay the $76,000 ransom, resulting in $19 million in damages '
                'and months of disrupted municipal functions. Gholinejad was '
                'detained in January 2024 and faces up to 30 years in prison.',
 'impact': {'brand_reputation_impact': 'Significant (municipal trust eroded, '
                                       'public services disrupted)',
            'downtime': 'Months (Baltimore and other affected municipalities)',
            'financial_loss': '$19 million (Baltimore); tens of millions '
                              '(total across victims)',
            'legal_liabilities': 'Criminal charges filed (computer fraud, wire '
                                 'fraud conspiracy)',
            'operational_impact': 'Disruption of essential public services, '
                                  'revenue-generating municipal functions '
                                  'halted',
            'revenue_loss': '$19 million (Baltimore)',
            'systems_affected': 'Hundreds of computers (Baltimore); municipal '
                                'networks (multiple cities)'},
 'initial_access_broker': {'high_value_targets': ['municipal governments',
                                                  'healthcare organizations',
                                                  'businesses']},
 'investigation_status': 'Ongoing (sentencing pending as of 2024-06); '
                         'co-conspirators under investigation',
 'motivation': ['financial gain', 'extortion'],
 'ransomware': {'data_encryption': True,
                'ransom_demanded': '$76,000 (Baltimore); unspecified amounts '
                                   '(other victims)',
                'ransom_paid': 'No (Baltimore); unspecified (other victims)',
                'ransomware_strain': 'Robbinhood'},
 'references': [{'source': 'U.S. Department of Justice (DOJ) Press Release'},
                {'source': 'Court documents (Sina Gholinejad case)'}],
 'regulatory_compliance': {'legal_actions': ['Criminal prosecution (DOJ); '
                                             'guilty plea on computer fraud '
                                             'and wire fraud conspiracy '
                                             'charges']},
 'response': {'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'recovery_measures': 'Systems taken offline (Baltimore); gradual '
                                   'restoration over months',
              'third_party_assistance': ['Bulgarian law enforcement '
                                         '(investigation support)']},
 'threat_actor': {'age': 37,
                  'co_conspirators': ['overseas accomplices (unnamed)'],
                  'name': 'Sina Gholinejad',
                  'nationality': 'Iranian',
                  'status': 'Pled guilty (2024-06), detained (2024-01), '
                            'awaiting sentencing (2024-08)'},
 'title': 'Ransomware Attack on the City of Baltimore and Other U.S. '
          'Municipalities',
 'type': ['ransomware', 'extortion', 'cybercrime']}