DOJ Accuses Ransomware Negotiators of Attacks

Ransomware Attacks Allegedly Conducted by Cybersecurity Professionals

Federal prosecutors in the U.S. have brought charges against two former employees of a cybersecurity firm specializing in ransomware negotiation. These individuals are accused of independently launching their own ransomware attacks against various organizations.

Indictments and Accusations

The Department of Justice announced last month the indictment of Kevin Tyler Martin and an unnamed co-worker, both previously employed as ransomware negotiators at DigitalMint. They face three counts related to computer hacking and extortion, stemming from attempted attacks on at least five U.S. companies.

Ryan Clifford Goldberg, a former incident response manager at the prominent cybersecurity firm Sygnia, has also been implicated in the alleged scheme.

Details of the Alleged Scheme

The three individuals are alleged to have infiltrated company networks, extracted sensitive data, and subsequently deployed ransomware created by the ALPHV/BlackCat criminal group.

ALPHV/BlackCat functions under a ransomware-as-a-service (RaaS) model. This means the group develops the malicious software used for data encryption and theft. Affiliates, like the accused, then execute the attacks and deploy the ransomware, with the gang receiving a percentage of any resulting ransom payments.

Financial Gains and Targeted Companies

An FBI affidavit revealed that the accused employees allegedly received over $1.2 million in ransom payments from a single victim – a medical device manufacturer located in Florida.

Their targets also included a drone manufacturer based in Virginia and a pharmaceutical company headquartered in Maryland.

Company Responses

The initial report regarding the indictments was published by the Chicago Sun-Times on Sunday.

Sygnia’s CEO, Guy Segal, confirmed Goldberg’s employment and subsequent termination upon learning of his alleged involvement. The company has refrained from further comment due to the ongoing FBI investigation.

Marc Grens, president of DigitalMint, stated that Martin was employed at the time of the alleged incidents but was operating outside the boundaries of his job description.

Grens also acknowledged the possibility that the unnamed individual may have been a former employee. DigitalMint is fully cooperating with the government’s investigation.

Key Takeaways

Two former DigitalMint employees and a former Sygnia employee have been indicted.
The charges involve carrying out ransomware attacks while employed in cybersecurity roles.
The accused allegedly utilized ransomware developed by the ALPHV/BlackCat group.
Over $1.2 million in ransom payments were reportedly received from a single victim.