DOJ accuses US ransomware negotiators of launching their own ransomware attacks

U.S. prosecutors person charged 2 rogue employees of a cybersecurity institution that specializes successful negotiating ransom payments to hackers connected behalf of their victims, with carrying retired ransomware attacks of their own.

Last month, the Department of Justice indicted Kevin Tyler Martin and different unnamed employee, who some worked arsenic ransomware negotiators astatine DigitalMint, with 3 counts of machine hacking and extortion related to a bid of attempted ransomware attacks against astatine slightest 5 U.S.-based companies.

Prosecutors besides charged a 3rd individual, Ryan Clifford Goldberg, a erstwhile incidental effect manager astatine cybersecurity elephantine Sygnia, arsenic portion of the scheme.

The 3 are accused of hacking into companies, stealing their delicate data, and deploying ransomware developed by the ALPHV/BlackCat group.

The ALPHV/BlackCat pack operates arsenic a ransomware-as-a-service model, successful which the pack develops the file-encrypting malware utilized to bargain and scramble the victims’ data, portion its affiliates — specified arsenic the 3 individuals indicted — transportation retired the hacks and deploy the gang’s ransomware. The pack past takes a chopped of the profits made from immoderate ransom payments.

According to an FBI affidavit filed successful September, the rogue employees received much than $1.2 cardinal successful ransom payments from 1 victim, a aesculapian instrumentality shaper successful Florida. They besides targeted respective different companies, including a Virginia-based drone shaper and a Maryland-headquartered pharmaceutical company. 

The Chicago Sun-Times archetypal reported the indictment connected Sunday.

Sygnia main enforcement Guy Segal confirmed to TechCrunch that Goldberg was a Sygnia worker and was terminated aft Sygnia learned of his alleged engagement with the ransomware attacks. The institution declined to remark further citing the FBI’s ongoing investigation.

DigitalMint president Marc Grens told TechCrunch that Martin was an worker astatine the clip of the alleged hacks, but said Martin was “acting wholly extracurricular the scope of his employment.” 

Grens besides confirmed that the unnamed idiosyncratic whitethorn beryllium a erstwhile employee. DigitalMint is besides cooperating with the government’s investigation, said Grens.