U.S. prosecutors have charged two rogue employees of a cybersecurity firm that specializes in negotiating ransom payments to hackers on behalf of victims with carrying out ransomware attacks themselves.
Last month, the Department of Justice indicted Kevin Tyler Martin, who worked as a ransomware negotiator at Digital Mint, and another unnamed employee on charges of computer hacking and extortion in connection with a series of attempted ransomware attacks against at least five U.S.-based companies.
Prosecutors also charged a third person, Ryan Clifford Goldberg, a former incident response manager at cybersecurity giant Signia, as part of the scheme.
The three are accused of hacking into companies, stealing sensitive data, and deploying ransomware developed by the ALPHV/BlackCat group.
The ALPHV/BlackCat gang operates under a ransomware-as-a-service model, in which the gang develops file-encrypting malware that is used to steal or scramble victims’ data, and its affiliates (such as the three indicted individuals) perform the hacking and deploy the gang’s ransomware. The gang then receives a portion of the profits from the ransom payment.
According to an FBI affidavit filed in September, the unscrupulous employees received more than $1.2 million in ransom from one victim, a Florida medical device manufacturer. Several other companies were also targeted, including a Virginia-based drone manufacturer and a Maryland-based pharmaceutical company.
The Chicago Sun-Times first reported the indictment on Sunday.
Sygnia CEO Guy Segal confirmed to TechCrunch that Goldberg was a Sygnia employee and was fired after Sygnia learned of his alleged involvement in the ransomware attack. The company declined further comment, citing the FBI investigation.
Mark Grens, president of DigitalMint, told TechCrunch that Martin was an employee at the time of the alleged hacking, but was “acting completely beyond the scope of his employment.”
Glenn also acknowledged that the anonymous person may be a former employee. Grens said Digital Mint is also cooperating with the government’s investigation.
Source link
