Federal indictment reveals disturbing twist as trusted cybersecurity professionals allegedly exploited insider access to carry out ransomware crimes.
A Stunning Reversal: Cyber Defenders Turned Criminals
In a startling breach of trust, the U.S. Department of Justice (DOJ) has accused two cybersecurity professionals of exploiting their roles as ransomware negotiators to conduct their own cyber extortion campaigns.
- The primary accused, Kevin Tyler Martin and an unnamed associate, both worked at DigitalMint, a company known for negotiating with hackers on behalf of ransomware victims.
- They allegedly used privileged access to hack at least five U.S.-based companies, deploying ransomware developed by the ALPHV/BlackCat gang, a known ransomware-as-a-service operation.
From Negotiation to Exploitation
Rather than protecting victims, the accused are said to have orchestrated attacks for personal gain.
- They allegedly stole sensitive company data, then deployed ransomware to encrypt files and demand payments.
- The accused received over $1.2 million in ransom from just one victim — a Florida-based medical device manufacturer.
- Other known targets include a Virginia drone maker and a pharmaceutical firm in Maryland.
Inside the Ransomware Ecosystem
The individuals reportedly operated as affiliates of the ALPHV/BlackCat ransomware gang.
- ALPHV/BlackCat provides the ransomware tools, while affiliates execute the attacks and share ransom profits with the group.
- This ransomware-as-a-service (RaaS) model has become increasingly common, making attribution and disruption more complex.
High-Level Insider Access
The case also implicates Ryan Clifford Goldberg, a former incident response manager at cybersecurity firm Sygnia.
- Goldberg allegedly participated in the hacking scheme alongside Martin and the unnamed DigitalMint employee.
- Sygnia confirmed Goldberg’s employment and stated he was terminated once his involvement became known.
Corporate Response and Ongoing Investigation
Both companies involved have responded to the allegations, emphasizing their cooperation with law enforcement.
- DigitalMint President Marc Grens clarified that Martin acted “completely outside the scope of his employment” and that the company is working with investigators.
- Sygnia declined to offer further comment, citing the ongoing FBI investigation.
A Blow to Industry Trust
This incident underscores a troubling vulnerability in the cybersecurity world: insider threats.
- Trusted professionals misusing access and knowledge for personal gain erodes trust in the very industry designed to safeguard digital assets.
- The indictment serves as a cautionary tale and raises serious questions about vetting, oversight, and the ethical obligations of cybersecurity personnel.
U.S. prosecutors have charged cybersecurity insiders — including employees of DigitalMint and Sygnia — with conducting ransomware attacks while posing as protectors. Exploiting their trusted roles, they allegedly extorted over $1.2M from victims using ALPHV/BlackCat ransomware.
