The cybersecurity industry just got rocked by the ultimate inside job. Federal prosecutors charged two ransomware negotiators - the very people companies hire to deal with hackers - with secretly running their own ransomware attacks and pocketing over $1.2 million. It's like finding out your bodyguard is moonlighting as a hitman.
The Department of Justice just dropped a bombshell that's sending shockwaves through the cybersecurity world. Two employees at DigitalMint, a company that specializes in negotiating ransom payments for hack victims, have been charged with running their own ransomware operation on the side. It's the kind of betrayal that makes you question everything about trust in cybersecurity.
According to DOJ court documents, Kevin Tyler Martin and an unnamed DigitalMint employee worked as affiliates for the notorious ALPHV/BlackCat ransomware gang. They weren't just helping victims recover from attacks - they were launching them. The third defendant, Ryan Clifford Goldberg, was an incident response manager at cybersecurity giant Sygnia before getting caught up in this scheme.
The ALPHV/BlackCat operation runs like a criminal franchise. The core gang develops the file-encrypting malware, while affiliates like these three handle the dirty work of breaking into companies and deploying the ransomware. When victims pay up, everyone gets a cut. It's ransomware-as-a-service, and business was apparently booming for this inside crew.
FBI documents reveal the scope of their operation. They hit at least five US companies, including a Florida medical device manufacturer that paid over $1.2 million in ransom. Other targets included a Virginia drone maker and a Maryland pharmaceutical company. The irony is thick - these guys probably knew exactly how much companies were willing to pay because they'd negotiated similar deals for other victims.
Sygnia CEO Guy Segal confirmed to TechCrunch that Goldberg was terminated once the company learned of his alleged involvement. "We declined to comment further citing the FBI's ongoing investigation," Segal said, which is corporate speak for 'we're mortified and lawyered up.'
DigitalMint president Marc Grens tried to distance his company from Martin's actions, telling reporters that Martin was "acting completely outside the scope of his employment." He also confirmed that the unnamed defendant might be a former employee and stressed that DigitalMint is cooperating with investigators. It's damage control mode for a company whose entire business model depends on client trust.
