Imagine the very people hired to protect you from cybercriminals turning into the attackers themselves. That’s exactly what the U.S. Department of Justice is alleging in a shocking case that’s sending ripples through the cybersecurity world. U.S. prosecutors have filed charges against two former employees of a cybersecurity firm, known for negotiating ransom payments on behalf of victims, accusing them of orchestrating their own ransomware attacks. But here’s where it gets even more twisted: these individuals allegedly exploited their insider knowledge to hack into companies, steal sensitive data, and deploy ransomware developed by the notorious ALPHV/BlackCat group.
Last month, the DOJ indicted Kevin Tyler Martin and an unnamed colleague, both former ransomware negotiators at DigitalMint, on three counts of computer hacking and extortion. These charges stem from a series of attempted ransomware attacks targeting at least five U.S.-based companies. And this is the part most people miss: a third individual, Ryan Clifford Goldberg, a former incident response manager at cybersecurity giant Sygnia, was also charged as part of the scheme.
The ALPHV/BlackCat gang operates under a ransomware-as-a-service model, where they develop the malware used to encrypt and steal victims’ data, while affiliates—like the indicted individuals—execute the attacks and deploy the ransomware. The gang then takes a cut of the ransom payments. According to an FBI affidavit filed in September, the rogue employees allegedly pocketed over $1.2 million in ransom payments from a single victim, a Florida-based medical device manufacturer. Their targets also included a Virginia drone maker and a Maryland pharmaceutical company.
The Chicago Sun-Times broke the story on Sunday, shedding light on the indictment. Sygnia’s CEO, Guy Segal, confirmed to TechCrunch that Goldberg was terminated after the company learned of his alleged involvement. DigitalMint’s president, Marc Grens, stated that Martin was an employee at the time of the attacks but emphasized he was “acting completely outside the scope of his employment.” Grens also hinted that the unnamed individual might be a former employee and assured that DigitalMint is fully cooperating with the investigation.
But here’s the controversial question: Does this case expose a deeper vulnerability in the cybersecurity industry, where trust in insiders can be dangerously misplaced? Or is this an isolated incident of greed and betrayal? The FBI’s ongoing investigation will likely uncover more details, but one thing is clear: the line between protector and predator has never been blurrier.
What’s your take? Do you think this is a one-off case, or a symptom of a larger issue in the cybersecurity industry? Let us know in the comments below.
For more insights into the ever-evolving world of cybersecurity, subscribe to This Week in Security, authored by TechCrunch’s security editor, Zack Whittaker. You can reach him via encrypted message at zackwhittaker.1337 on Signal or by email at zack.whittaker@techcrunch.com. Stay informed, stay secure.
