U.S. prosecutors have charged two rogue employees of a cybersecurity company that specializes in negotiating ransom payments to hackers on behalf of their victims, with carrying out ransomware attacks of their own.
Last month, the Department of Justice indicted Kevin Tyler Martin and another unnamed employee, who both worked as ransomware negotiators at DigitalMint, with three counts of computer hacking and extortion related to a series of attempted ransomware attacks against at least five U.S.-based companies.
Prosecutors also charged a third individual, Ryan Clifford Goldberg, a former incident response manager at cybersecurity giant Sygnia, as part of the scheme.
The three are accused of hacking into companies, stealing their sensitive data, and deploying ransomware developed by the ALPHV/BlackCat group.
The ALPHV/BlackCat gang operates as a ransomware-as-a-service model, in which the gang develops the file-encrypting malware used to steal and scramble the victims’ data, while its affiliates — such as the three individuals indicted — carry out the hacks and deploy the gang’s ransomware. The gang then takes a cut of the profits made from any ransom payments.
According to an FBI affidavit filed in September, the rogue employees received more than $1.2 million in ransom payments from one victim, a medical device maker in Florida. They also targeted several other companies, including a Virginia-based drone maker and a Maryland-headquartered pharmaceutical company.
The Chicago Sun-Times first reported the indictment on Sunday.
Sygnia chief executive Guy Segal confirmed to TechCrunch that Goldberg was a Sygnia employee and was terminated after Sygnia learned of his alleged involvement with the ransomware attacks. The company declined to comment further citing the FBI’s ongoing investigation.
DigitalMint president Marc Grens told TechCrunch that Martin was an employee at the time of the alleged hacks, but said Martin was “acting completely outside the scope of his employment.”
Grens also confirmed that the unnamed individual may be a former employee. DigitalMint is also cooperating with the government’s investigation, said Grens.
