Three former cybersecurity employees indicted in BlackCat ransomware scheme

Three former employees of cybersecurity firms DigitalMint and Sygnia have been indicted for allegedly participating in a series of BlackCat (ALPHV) ransomware attacks that targeted five US companies between May and November 2023.

According to unsealed court documents, Kevin Tyler Martin, 28, of Roanoke, Texas; Ryan Clifford Goldberg, 33, of Watkinsville, Georgia; and an unnamed co-conspirator face charges of conspiracy to interfere with interstate commerce by extortion, interference with interstate commerce by extortion, and intentional damage to protected computers. If convicted, the defendants could face up to 50 years in prison: 20 years for each extortion charge and an additional 10 years for computer damage.

The indictment alleges that Martin and his unnamed associate were ransomware negotiators at DigitalMint, while Goldberg previously worked as an incident response manager at Sygnia. Prosecutors claim the trio acted as affiliates of the BlackCat ransomware gang, breaching corporate networks, stealing sensitive data, encrypting systems, and demanding cryptocurrency payments in exchange for decryption keys and non-disclosure of stolen files.

The alleged victims include a medical device manufacturer, a pharmaceutical company, a doctor’s office, an engineering firm, and a drone manufacturer. Ransom demands reportedly ranged from $300,000 to $10 million. Only one company reportedly paid $1.27 million in ransom after refusing an initial $10 million demand.

In 2023, the US Department of Justice (DoJ) reportedly began investigating a former DigitalMint negotiator suspected of collaborating with ransomware operators. Officials have not confirmed whether that probe is linked to the current indictment.

Martin has pleaded not guilty, while Goldberg remains in federal custody pending trial. The DoJ has not released details about the third suspect.

