US Prosecutors Say Cybersecurity Pros Ran Ransomware Operation

Prosecutors said three American cybersecurity professionals secretly ran a ransomware operation aimed at shaking down companies across the United States.

The three people, only two of whom – Ryan Goldberg and Kevin Martin – were identified by name, collaborated with the notorious hacking gang ALPHV BlackCat to encrypt companies’ networks in a bid to extort their owners out of millions of dollars’ worth of cryptocurrency, prosecutors alleged in an indictment filed last month in federal court in Miami.

The news was first reported by the Chicago Sun-Times on Sunday.

Goldberg has been detained ahead of trial, court records show. Martin pleaded not guilty. Lawyers for Martin and Goldberg declined to comment.

Authorities did not identify the affected companies, naming them only as firms devoted to various industries based in California, Florida, Virginia and Maryland.

Martin was identified in online course descriptions as a former employee of cybersecurity firm DigitalMint, which offers cybercrime and ransomware incident response services. Goldberg was identified by an online course provider as an incident response manager at Sygnia, another cybersecurity firm.

DigitalMint confirmed in a statement that a former employee had been indicted for participating in ransomware operations, saying he was “acting completely outside the scope of his employment” and noting that the indictment did not allege that the company had any knowledge of activity. It said the third, unnamed coconspirator “may have also been a company employee.”

It added that DigitalMint “has been and continues to be a cooperating witness in the investigation and not an investigative target.”

Sygnia said that Goldberg was fired by the company “immediately upon learning of the situation,” that the firm was not the target of the investigation and that it was working with law enforcement.