U.S. Prosecutors Charge Cybersecurity Insiders for Involvement in BlackCat Ransomware Attacks

In a case that blurs the line between defender and attacker, U.S. federal prosecutors have charged three individuals, including two cybersecurity professionals, for their alleged involvement in a series of BlackCat (ALPHV) ransomware attacks targeting American companies. The accused allegedly exploited their industry positions to carry out and negotiate extortion schemes.

The Accused: From Threat Negotiators to Alleged Attackers

The U.S. Department of Justice has unsealed an indictment against three U.S. nationals:

  • Ryan Clifford Goldberg: Worked as an incident response manager at the cybersecurity firm Sygnia.
  • Kevin Tyler Martin: Employed as a ransomware threat negotiator at DigitalMint, a company specializing in cryptocurrency transactions and ransomware negotiation.
  • An Unnamed Co-Conspirator (“Co-Conspirator 1”): Also based in Florida and allegedly the recruiter in the scheme.

The Chicago Sun-Times first reported that Martin and the unnamed co-conspirator were working as ransomware negotiators for DigitalMint at the time of the attacks. None of the three is still employed by their respective companies, and both Sygnia and DigitalMint have confirmed that they are cooperating with law enforcement.

The Alleged Attack Spree and Ransom Demands

The indictment details that between May and November 2023, the trio targeted five U.S. companies across various critical sectors:

  1. A Florida Medical Device Company (May 2023): Demanded a $10 million ransom; received approximately $1.27 million.
  2. A Maryland Pharmaceutical Company (May 2023): Demanded an unspecified ransom; no payment confirmed.
  3. A California Doctor’s Office (July 2023): Demanded a $5 million ransom; no payment confirmed.
  4. A California Engineering Company (October 2023): Demanded a $1 million ransom; no payment confirmed.
  5. A Virginia Drone Manufacturer (November 2023): Demanded a $300,000 ransom; no payment confirmed.

The group is accused of conspiring to illegally access victim networks, deploy BlackCat ransomware, steal data, and extort cryptocurrency payments, which they then divided amongst themselves.

The Inside Advantage and Legal Reckoning

The case highlights a severe breach of trust within the cybersecurity industry. The defendants’ roles provided them with intimate knowledge of incident response and negotiation tactics, which they are alleged to have weaponized against victims.

According to court documents, Goldberg confessed to the FBI that he was recruited by the co-conspirator to “try and ransom some companies” and that he participated in the attacks to get out of debt.

Charges Filed:
Both Goldberg and Martin face serious federal charges, including:

  • Conspiracy to interfere with interstate commerce by extortion.
  • Interference with interstate commerce by extortion.
  • Intentional damage to a protected computer.

These charges carry a combined maximum penalty of up to 50 years in federal prison. Martin has pleaded not guilty. The third individual has not been formally indicted as of now.