The City of Baltimore suffered over $19 million in losses due to damage and prolonged shutdown of essential services. Residents couldn’t process property taxes, water bills, or parking citations online for months. The attacks were part of a major international ransomware operation involving the Robbinhood ransomware, which locked down computer systems and demanded ransom payments in Bitcoin.
Source: https://hackread.com/iran-robbinhood-ransomware-operator-guilty-city-attacks/
TPRM report: https://scoringcyber.rankiteo.com/company/city-of-baltimore
"id": "cit740060225",
"linkid": "city-of-baltimore",
"type": "Ransomware",
"date": "6/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Public Services',
'location': 'Baltimore, Maryland',
'name': 'City of Baltimore, Maryland',
'type': 'Government'},
{'industry': 'Public Services',
'location': 'Greenville, North Carolina',
'name': 'City of Greenville, North Carolina',
'type': 'Government'},
{'industry': 'Public Services',
'location': 'Gresham, Oregon',
'name': 'City of Gresham, Oregon',
'type': 'Government'},
{'industry': 'Public Services',
'location': 'Yonkers, New York',
'name': 'City of Yonkers, New York',
'type': 'Government'}],
'attack_vector': ['Unauthorized access to computer networks',
'Use of stolen NSA tool EternalBlue'],
'date_detected': 'January 2019',
'date_publicly_disclosed': 'May 27, 2025',
'description': 'An Iranian man admitted his role in a major international '
'ransomware operation that caused tens of millions of dollars '
'in damages and severely disrupted public services across the '
'United States using the Robbinhood ransomware.',
'impact': {'downtime': ['Prolonged shutdown of essential services in '
'Baltimore'],
'financial_loss': ['Over $19 million in Baltimore',
'Tens of millions of dollars overall'],
'operational_impact': ['Disruption of public services',
'Inability to process property taxes, water '
'bills, or parking citations online'],
'systems_affected': ['Computer systems of cities, businesses, and '
'healthcare organizations']},
'investigation_status': 'Guilty plea entered',
'lessons_learned': 'Law enforcement agencies are determined to identify and '
'hold accountable those who exploit online infrastructure '
'for personal gain.',
'motivation': 'Financial gain',
'post_incident_analysis': {'root_causes': 'Unauthorized access and use of '
'EternalBlue'},
'ransomware': {'data_encryption': 'Yes',
'ransom_demanded': ['Typically in Bitcoin'],
'ransomware_strain': 'Robbinhood'},
'references': [{'source': 'Malwarebytes'}, {'source': 'Hackread.com'}],
'regulatory_compliance': {'legal_actions': ['Guilty plea to computer fraud '
'and abuse and conspiracy to '
'commit wire fraud']},
'response': {'law_enforcement_notified': 'Yes'},
'threat_actor': 'Sina Gholinejad and co-conspirators',
'title': 'Robbinhood Ransomware Attacks on US Cities and Organizations',
'type': 'Ransomware',
'vulnerability_exploited': 'EternalBlue'}