US Cybersecurity Experts Charged in BlackCat Ransomware Case

Summary
– Three former cybersecurity employees from DigitalMint and Sygnia have been indicted for allegedly hacking five U.S. companies in BlackCat ransomware attacks between May and November 2023.
– The defendants face charges including conspiracy to commit extortion and intentional damage to computers, with potential prison sentences of up to 50 years if convicted.
– They are accused of operating as ALPHV BlackCat affiliates, gaining unauthorized network access, stealing data, deploying encryption malware, and demanding cryptocurrency ransoms.
– Ransom demands ranged from $300,000 to $10 million, with only one confirmed payment of $1.27 million made by a Tampa medical device manufacturer.
– The FBI has linked BlackCat to over 60 breaches and at least $300 million in ransom payments from more than 1,000 victims by September 2023.

A federal indictment has charged three cybersecurity professionals with orchestrating a series of BlackCat ransomware attacks against American companies. The accused, who previously held trusted roles at prominent incident response firms, allegedly leveraged their industry knowledge to breach networks, steal sensitive data, and extort substantial cryptocurrency payments from their victims.
Facing serious charges are Kevin Tyler Martin, a 28-year-old from Roanoke, Texas, and Ryan Clifford Goldberg, a 33-year-old from Watkinsville, Georgia, alongside an unnamed accomplice. Martin, who has entered a not guilty plea, and Goldberg, who has been in federal custody since last September, are accused of conspiracy to commit extortion, interference with interstate commerce, and intentionally damaging protected computers. A conviction on all counts carries a potential prison sentence of up to 50 years.
Court documents reveal that Martin and the unnamed individual worked as ransomware threat negotiators for DigitalMint, while Goldberg was formerly an incident response manager at Sygnia. The Department of Justice alleges the trio operated as affiliates for the ALPHV ransomware gang, also known as BlackCat. Their purported scheme involved gaining unauthorized access to corporate networks, exfiltrating data, and deploying file-encrypting malware. They would then demand cryptocurrency ransoms in exchange for decryption keys and promises not to publish the stolen information.
The indictment identifies five companies across the United States as victims. The list includes a medical device manufacturer based in Tampa, a pharmaceutical company in Maryland, a doctor’s office and an engineering firm, both in California, and a drone manufacturer located in Virginia.
Prosecutors state the ransom demands issued by the group varied dramatically, from $300,000 to a staggering $10 million. The only confirmed payment came from the Tampa medical device company, which paid $1.27 million after its servers were encrypted and a $10 million demand was made in May 2023. The court filings do not specify if any of the other targeted organizations complied with the extortion demands.
This case emerges against a backdrop of prior scrutiny. Reports had previously indicated that the Department of Justice was investigating a former DigitalMint negotiator for potentially colluding with ransomware gangs to profit from extortion deals. The relationship between that earlier probe and this new indictment remains unclear. This situation also echoes a 2019 investigative report which found that some data recovery firms secretly paid ransoms to cybercriminals while billing their clients for restoration services, without disclosing the payments.
The threat posed by the BlackCat ransomware operation has been a significant concern for U.S. authorities. In a joint advisory issued in February 2024, the FBI, CISA, and the Department of Health and Human Services highlighted that BlackCat affiliates were aggressively targeting the American healthcare sector. The FBI has attributed more than 60 data breaches to the group in its first few months of operation and estimates that, by September 2023, the gang had extorted at least $300 million from over 1,000 victims worldwide.
(Source: Bleeping Computer)
