TL;DR
Two former incident-response specialists admitted guilt to conspiracy to obstruct commerce by extortion after using ALPHV/BlackCat ransomware against multiple U.S. companies. They face up to 20 years in prison and are subject to asset forfeiture proceedings.
What happened
Two ex-cybersecurity professionals have pleaded guilty to conspiring to extort U.S. companies using ransomware. Federal filings say the defendants — a former incident response manager at Sygnia and a former ransomware negotiator at DigitalMint — worked with an unnamed DigitalMint colleague and used the ALPHV/BlackCat ransomware-as-a-service, paying its operators a 20% commission. The group targeted firms in several states, including Maryland, California, Florida and Virginia. Court records show one Florida medical device manufacturer paid $1.27 million to recover data after demand notices sought up to $10 million; after the platform's fee was taken, the defendants split the remainder three ways and moved Bitcoin through multiple channels. The two named defendants face sentences up to 20 years each. The FBI Miami Field Office, assisted by the U.S. Secret Service, led the investigation, and the Southern District of Florida is handling related asset forfeiture matters.
Why it matters
- Insiders with incident-response training exploited their expertise to carry out attacks, raising concerns about trust and vetting in cybersecurity roles.
- The case highlights how ransomware-as-a-service lowers technical barriers and embeds profit-sharing that can enrich operators and affiliates.
- Victims can suffer large financial losses even when demands are not fully met; paid ransoms can be laundered through cryptocurrency channels.
- Law enforcement coordination and asset forfeiture are being used to recover proceeds and deter similar criminal activity.
Key facts
- Charges: Guilty pleas to conspiracy to obstruct commerce by extortion.
- Potential punishment: Up to 20 years in prison for each defendant.
- Named defendants: Ryan Clifford Goldberg (40), formerly an incident response manager at Sygnia; Kevin Tyler Martin (36), formerly a ransomware threat negotiator at DigitalMint.
- A third, unnamed co-conspirator worked in a similar role at DigitalMint but has not been publicly identified.
- Ransomware used: ALPHV (BlackCat) ransomware-as-a-service; operators received a 20% cut of proceeds.
- Victims: Multiple U.S. companies across Maryland, California, Florida and Virginia.
- Documented ransom payment: A Florida medical device maker paid $1.27 million after a demand reportedly up to $10 million.
- Proceeds handling: After paying the platform fee, the defendants split the remainder and laundered Bitcoin through various channels.
- Investigation: Led by the FBI Miami Field Office with assistance from the U.S. Secret Service; Southern District of Florida handling asset forfeiture.
- Custody status: One defendant, Goldberg, has been in federal custody since September 2023.
What to watch next
- Sentencing dates and lengths for the two named defendants (not confirmed in the source).
- Outcome of the Southern District of Florida's asset forfeiture process and whether recovered funds are returned to victims.
- Whether the unnamed DigitalMint associate will be identified and charged (not confirmed in the source).
Quick glossary
- Ransomware: Malicious software that encrypts or blocks access to data or systems until a ransom is paid.
- Ransomware-as-a-service (RaaS): A business model where developers sell or lease ransomware tools to affiliates in exchange for a percentage of payments.
- Extortion: Obtaining money or other benefits from victims by coercion or threats, including threats to expose or withhold data.
- Asset forfeiture: A legal process in which the government seeks to seize assets obtained through or used in criminal activity.
- Incident response: The process by which organizations detect, investigate and remediate cybersecurity breaches and attacks.
Reader FAQ
What did the defendants plead guilty to?
They pleaded guilty to conspiracy to obstruct commerce by extortion.
How much prison time could they receive?
Each faces up to 20 years in prison based on the charges described in court records.
How many victims paid ransom?
Court records show one documented payment of $1.27 million from a Florida medical device company; other payments were not detailed.
How were the defendants caught?
Not confirmed in the source.
Tech Industry Cybersecurity U.S. cybersecurity experts plead guilty for ransomware attacks, face 20 years in prison each — group demanded up to $10 million from each victim News By Jowi…
Sources
- U.S. cybersecurity experts plead guilty for ransomware attacks
- Two US cyber experts plead guilty to cooperating with …
- 2 Cyber Pros Admit to Being BlackCat Ransomware Affiliates
- Former incident responders plead guilty to ransomware …
Related posts
- Honey’s Dieselgate: Detecting When Testers Are Identified and Tricked
- Escaping Containment — Security Analysis Reveals Jail Escape Paths in FreeBSD
- Sword-wielding contractor runs private squatter-removal service in Oakland