Three former employees of cybersecurity incident response firms have been indicted for allegedly orchestrating BlackCat (ALPHV) ransomware attacks against five U.S. companies. The defendants, who once worked to defend against such threats, are now accused of operating as affiliates of the notorious ransomware gang.
The individuals face charges of conspiracy to interfere with interstate commerce by extortion and intentional damage to protected computers. If convicted, they could receive up to 20 years in prison for the extortion charge alone. The attacks reportedly took place between May and November 2023.
The Accused Insiders
The indictment names 28-year-old Kevin Tyler Martin, a former ransomware threat negotiator at DigitalMint, and 33-year-old Ryan Clifford Goldberg, a former incident response manager at Sygnia. A third, unnamed accomplice, who also worked as a negotiator at DigitalMint, is included in the charges. According to the Department of Justice, the group leveraged their expertise to gain unauthorized network access, steal sensitive data, and deploy the BlackCat encryption malware.
Attack Details and Demands
The victims of this alleged insider scheme include a medical device manufacturer, a pharmaceutical company, and an engineering firm. The attackers demanded ransoms ranging from $300,000 to as high as $10 million. Prosecutors confirmed that one victim, a Tampa-based medical device company, paid $1.27 million to the attackers. This case highlights a disturbing trend in which industry experts allegedly cross the line to profit from the very cybercrimes they were once paid to prevent.