DOJ accuses US ransomware negotiators of launching their own ransomware attacks

In a shocking turn of events, U.S. authorities have brought charges against two employees from a cybersecurity firm known for negotiating ransom payments on behalf of victims. The Department of Justice has indicted Kevin Tyler Martin and an unnamed colleague, both of whom were employed as ransomware negotiators at DigitalMint, for allegedly executing their own ransomware attacks. The indictment, issued last month, includes three counts of computer hacking and extortion linked to a series of attempted ransomware attacks targeting at least five companies across the United States. Additionally, Ryan Clifford Goldberg, a former incident response manager at the prominent cybersecurity firm Sygnia, has also been implicated in this scheme. The trio stands accused of breaching corporate networks, stealing sensitive information, and deploying ransomware created by the notorious ALPHV/BlackCat group. This criminal organization operates under a ransomware-as-a-service model, where it develops malware for file encryption while affiliates, like the indicted individuals, execute the hacks and implement the ransomware. The group then takes a portion of the ransom payments as profit. According to an FBI affidavit filed in September, these rogue employees managed to secure over $1.2 million in ransom from one victim, specifically a medical device manufacturer in Florida. Their targets also included a drone manufacturer based in Virginia and a pharmaceutical company located in Maryland. The Chicago Sun-Times was the first to report on this high-profile indictment. In a statement, Sygnia's CEO, Guy Segal, confirmed that Goldberg was indeed an employee of Sygnia but was terminated upon the discovery of his alleged involvement in the ransomware incidents. While the company has refrained from providing further details due to the ongoing FBI investigation, DigitalMint's president, Marc Grens, acknowledged that Martin was employed during the time of the alleged offenses but emphasized that he acted "completely outside the scope of his employment." Grens also indicated that the unnamed individual might be a former employee and confirmed that DigitalMint is fully cooperating with the government's inquiry.