U.S. Prosecutors Indict Cybersecurity Insiders for BlackCat Ransomware Attacks
These articles are AI-generated summaries. Please check the original sources for full details.
U.S. Prosecutors Indict Cybersecurity Insiders for BlackCat Ransomware Attacks
Federal prosecutors in the U.S. have charged three individuals—Ryan Clifford Goldberg, Kevin Tyler Martin, and an unnamed co-conspirator—with orchestrating ransomware attacks using the BlackCat (ALPHV) strain against five U.S. companies between May and November 2023. The indictment underscores the growing threat of insider threats within the cybersecurity industry, where trusted professionals allegedly exploited their positions to extort victims.
Indicted Individuals and Their Backgrounds
- Ryan Clifford Goldberg: Former incident response manager at cybersecurity firm Sygnia. Allegedly confessed to the FBI during an interview, stating he participated in the attacks to resolve personal debt.
- Kevin Tyler Martin: Former ransomware threat negotiator at DigitalMint, a company involved in ransomware negotiations. Pleaded not guilty to the charges.
- Co-Conspirator 1: Unnamed individual linked to DigitalMint during the time of the attacks. Not yet indicted.
Both Sygnia and DigitalMint confirmed they have cooperated with law enforcement, with Bloomberg reporting in July 2025 that the FBI was investigating a former DigitalMint employee for allegedly profiting from ransomware payments.
Targeted Companies and Attack Details
The defendants allegedly attacked the following organizations:
- Medical Device Company (Tampa, Florida): Attacked around May 13, 2023, demanding $10 million. Paid approximately $1.274 million in cryptocurrency.
- Pharmaceutical Company (Maryland): Attacked in May 2023, with an unspecified ransom demand.
- Doctor’s Office (California): Attacked in July 2023, demanding $5 million.
- Engineering Company (California): Attacked in October 2023, demanding $1 million.
- Drone Manufacturer (Virginia): Attacked in November 2023, demanding $300,000.
Only the medical device company reportedly paid a ransom; the other victims did not succumb to the demands.
Legal Charges and Potential Penalties
All three individuals face charges including:
- Conspiracy to interfere with interstate commerce by extortion
- Interference with interstate commerce by extortion
- Intentional damage to a protected computer
These charges carry a maximum penalty of 50 years in federal prison. Martin has pleaded not guilty, while Goldberg allegedly admitted to participating in the attacks.
Implications and Industry Impact
- Insider Threats: The case highlights how insiders with access to critical systems can exploit their positions to launch attacks, even within cybersecurity firms.
- Ransomware Evolution: BlackCat, a ransomware-as-a-service (RaaS) platform, has been linked to numerous high-profile attacks, emphasizing the need for stricter internal security measures.
- Corporate Accountability: Companies like Sygnia and DigitalMint are under scrutiny for their roles in the ransomware ecosystem, even if they later cooperated with law enforcement.
Reference
https://thehackernews.com/2025/11/us-prosecutors-indict-cybersecurity.html
Continue reading
Next article
Securing GraphQL API Access with Token Exchange via ToolHive and Okta
Related Content
US Cyber Pros Plead Guilty Over BlackCat Ransomware Activity
Two US cybersecurity professionals pleaded guilty to ransomware activity as ALPHV/BlackCat affiliates in 2023, highlighting an insider threat.
Cybersecurity Predictions 2026: Separating Signal from Noise
Bitdefender webinar highlights the shift from speculative cybersecurity threats to targeted ransomware and internal AI risks needing immediate attention.
Osiris Ransomware Leverages POORTRY Driver in Novel BYOVD Attack
The newly discovered Osiris ransomware strain utilized a custom POORTRY driver in a Bring Your Own Vulnerable Driver (BYOVD) attack, resulting in data theft and security tool disabling in November 2025.