Security Experts Charged with Launching BlackCat Ransomware Attacks
Former cybersecurity pros at two companies are facing federal charges for allegedly hacking into the networks of five companies in the United States using the notorious BlackCat (ALPHV) ransomware to steal data and extort payments from the victim
Security Experts Charged with Launching BlackCat Ransomware Attacks
Former cybersecurity pros at two companies are facing federal charges for allegedly hacking into the networks of five companies in the United States using the notorious BlackCat (ALPHV) ransomware to steal data and extort payments from the victims.One of those indicted in U.S. District Court in Florida – Kevin Tyler Martin of Texas, as well as an unindicted and unnamed co-conspirator, referred to in the indictment as “Co-Conspirator 1″ – were ransom negotiators with threat intelligence and response company DigitalMint, according to the Chicago Sun-Times, which first reported about the indictments.
The third man, Ryan Clifford Goldberg, a Georgia resident who reportedly has been in custody since 2023, was an incident response manager for Sygnia Cybersecurity Services.None of the three still work for those companies.Five Businesses AttackedAll three are accused of launching ransomware attacks against the companies, which included three healthcare firms – a medical device company in Florida, a Maryland-based pharmaceutical firm, and a doctor’s office in California. The other two victims were an engineering company in California and a drone manufacturer in Virginia.They allegedly ran a conspiracy throughout 2023 by using the BlackCat ransomware to access the networks and systems of the targeted company, encrypting and stealing data, and then demanding ransoms in cryptocurrency in exchange for decryption keys and promising not to publish the stolen information. They divided whatever money they received between them, according to the indictment.They demanded ransom payments ranged between $300,000 from the drone company and $10 million from the medical device firm, which eventually paid the three more than $1.27 million in crypto.DigitalMint in a statement to media outlets said that the “charged conduct took place outside of DigitalMint’s infrastructure and systems. The co-conspirators did not access or compromise client data as part of the charged conduct.”Both ArrestedAccording to reports, Goldberg was arrested in September and is still in custody after being deemed a flight risk, having left the country for several months this year before being arrested in Mexico and deported to the United States. Martin was arrested last month and freed on $400,000 bond.BlackCat emerged in 2021 and was run as a ransomware-as-a-service (RaaS) operation, becoming a widely used by affiliates attacking healthcare and other industries. The FBI and CISA released a joint advisory about the group in 2023, noting that over a two-year period, the group and affiliates had demanded more than $500 million and received $300 million in ransom payments. A year earlier, the U.S. Health and Human Services Department issued a warning about the group.A Resilient BlackCatThe State Department last year estimated that BlackCat and its affiliates were responsible for attacking more than 1,000 victims and announced a reward of up to $10 million for information that leads to the identification or location of any of the group’s leaders. A BlackCat affiliate was behind the massive breach last year at Change Healthcare, which shut down many of the company’s systems and disrupted hospitals and pharmacies around the country.U.S. law enforcement authorities and those from other countries last year disrupted BlackCat’s operations, though the group rallied after the takedown to continue doing business.
About Author
