US ransomware negotiators get 4 years in prison over BlackCat attacks
Source: Bleeping Computer
Sentencing
Two former employees of cybersecurity incident response companies Sygnia and DigitalMint were sentenced to four years in prison each for targeting U.S. companies in BlackCat (ALPHV) ransomware attacks.
- Ryan Clifford Goldberg, 40, former Sygnia incident response manager
- Kevin Tyler Martin, 36, DigitalMint ransomware negotiator
Both were charged in November (source) and pleaded guilty in December to conspiracy to obstruct commerce by extortion (source).
Charges and Activities
Together with Angelo Martino, 41, a third accomplice who also pleaded guilty in April, Goldberg and Martin acted as BlackCat ransomware affiliates between May 2023 and November 2023, breaching the networks of multiple victims across the United States.
According to court documents, they received a 20 % share of ransoms in exchange for access to BlackCat’s ransomware and extortion platform.
Victims and Ransom Payments
The list of victims includes:
- A Maryland pharmaceutical company
- A Tampa medical device manufacturer
- A California engineering firm
- A Virginia drone manufacturer
- A California doctor’s office
Prosecutors said the Tampa medical device company paid $1.27 million after its servers were encrypted and it received a $10 million ransom demand in May 2023. The payment was laundered and split three ways with Martino.
Other breached companies received ransom demands ranging from $300,000 to $10 million, though the indictment does not indicate whether additional payments were made.
Statements
“These defendants exploited specialized cybersecurity knowledge not to protect victims, but to extort them,” said U.S. Attorney Jason A. Reding Quiñones on Thursday. “They used ransomware to lock down critical systems, steal sensitive data, and pressure American businesses into paying to regain access to their own information.”
— Justice Department press release
“We strongly condemn these former employees’ criminal behavior, which violated our values, ethical standards, and the law. When we learned about the conduct, we immediately terminated both individuals,” said DigitalMint CEO Jonathan Solomon to BleepingComputer after Martino pleaded guilty.
FBI Findings
The FBI previously linked the BlackCat ransomware gang to more than 60 breaches between November 2021 and March 2022 (source).
In a separate advisory, the bureau added that the cybercrime operation collected at least $300 million in ransom payments from more than 1,000 victims through September 2023 (source).