Former Sygnia and DigitalMint Cybersecurity Pros Plead Guilty to Orchestrating ALPHV (BlackCat) Ransomware Attacks
Published
Key Takeaways
- Insider Threat Confirmed: Two industry professionals admitted to orchestrating ALPHV/BlackCat ransomware attacks while employed in trusted incident response roles.
- Significant Financial Extortion: The perpetrators successfully extorted $1.2 million from a Florida medical entity and leaked sensitive patient data to coerce payments.
- Federal Prosecution: Both defendants face up to 20 years in prison for conspiracy to obstruct commerce by extortion.
Two information security professionals have entered guilty pleas to charges related to ALPHV (BlackCat) ransomware attacks. Ryan Goldberg and Kevin Martin, formerly employed in incident response and negotiation roles, leveraged their technical expertise and trusted positions to facilitate ransomware attacks on behalf of the now-defunct BlackCat gang between April and December 2023.
The indictment filed in a Miami federal court alleges that three individuals, all cybersecurity professionals, used their expertise to aid the ALPHV BlackCat operation, but only two have been named so far.
Insider Threat Exploits Trusted Access
The new Department of Justice (DoJ) indictment revealed that Goldberg (40), previously with Sygnia, and Martin (36), a former DigitalMint negotiator, along with another co-conspirator, abused their specialized knowledge to deploy ransomware payloads against U.S. targets.
The three individuals conspired with the ALPHV/BlackCat ransomware-as-a-service (RaaS) gang, which was disrupted in 2023, to encrypt networks and exfiltrate sensitive data, effectively weaponizing the access they were granted for defensive purposes, operating as malicious insiders.
“The three men agreed to pay the ALPHV BlackCat administrators a 20% share of any ransoms received in exchange for access to the ransomware and ALPHV BlackCat’s extortion platform,” the report said.
Extortion Tactics and Financial Impact
The conspirators targeted the computer networks of more than 1,000 victims around the world, including a Florida medical company, a Maryland pharmaceutical firm, a California doctor's office, an engineering company, and a drone manufacturer.
The three individuals successfully secured a $1.2 million ransom payment from a victim. Adhering to the affiliate model, they retained 80%, split three ways. To maximize pressure on victims, they exfiltrated and subsequently published private patient photographs on the gang’s leak site.
Legal Ramifications for Cybercrime
Both defendants pleaded guilty to conspiracy to one count of conspiracy to obstruct, delay, or affect commerce or the movement of any article or commodity in commerce by extortion and face a statutory maximum of 20 years in prison.
In June 2024, the ALPHV group claimed a Change Healthcare ransomware attack, and shortly after, the actor reportedly staged an exit scam. The then-new RaaS RansomHub gang that overlaps with ALPHV (BlackCat), Knight Ransomware, DragonForce, and Play Ransomware listed the alleged hack.
The ALPHV gang targeted prominent healthcare solutions provider and Fortune 500 company Henry Schein, which failed to mail notices for a year
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular