US prosecutors have charged two rogue employees of a cybersecurity firm that specializes in negotiating ransom payments to hackers on behalf of their victims with conducting their own ransomware attacks.
Last month, the Department of Justice charged Kevin Tyler Martin and another unnamed employee, who both worked as ransomware negotiators at DigitalMint, with three counts of computer hacking and extortion related to a series of attempted ransomware attacks against at least five US-based companies.
Prosecutors also charged a third person, Ryan Clifford Goldberg, former director of incident response at cybersecurity giant Sygnia, as part of the scheme.
The three are accused of breaking into companies, stealing their sensitive data and deploying ransomware developed by the ALPHV/BlackCat group.
The ALPHV/BlackCat gang operates under a ransomware-as-a-service model, in which the gang develops the file-encrypting malware used to steal and encrypt victims’ data, while its affiliates – such as the three individuals charged – carry out the hacks and deploy the gang’s ransomware. The gang then takes a cut of the profits from any ransom payments.
According to an FBI affidavit filed in September, the rogue employees received more than $1.2 million in ransom payments from one victim, a Florida medical device manufacturer. They also targeted several other companies, including a Virginia-based drone maker and a Maryland-based pharmaceutical company.
The Chicago Sun-Times first reported the indictment on Sunday.
Sygnia CEO Guy Segal confirmed to TechCrunch that Goldberg was an employee of Sygnia and was fired after Sygnia learned of his alleged involvement in the ransomware attacks. The company declined to comment further, citing the ongoing FBI investigation.
DigitalMint president Marc Grens told TechCrunch that Martin was an employee at the time of the alleged hacks, but said Martin was “acting completely outside the scope of his employment.”
Grens also confirmed that the unnamed person may be a former employee. DigitalMint is also cooperating with the government’s investigation, Grens said.
