A Florida-based medical device company fell victim to a **BlackCat (ALPHV) ransomware attack** orchestrated by three cybersecurity professionals—Kevin Tyler Martin, Ryan Clifford Goldberg, and an unnamed co-conspirator—who exploited their insider knowledge of ransomware negotiation and incident response. The attackers **encrypted critical data, stole sensitive information, and demanded a ransom of $15.4 million (US$10 million)**, ultimately extorting **$1.96 million (US$1.27 million) in cryptocurrency** from the victim. The breach disrupted operations, instilled fear of financial and reputational damage, and exposed the company to potential regulatory scrutiny. The attackers, leveraging their roles at **DigitalMint** and **Sygnia Consulting**, exploited trust to deploy ransomware, demonstrating a severe **insider threat** with deliberate malicious intent. The incident highlights the risks of privileged access abuse in cybersecurity-critical industries, where **healthcare data integrity and operational continuity** were directly compromised. The company’s recovery efforts likely involved forensic investigations, system restoration, and heightened security measures to mitigate future risks.
Source: https://ia.acs.org.au/article/2025/the-cyber-professionals-moonlighting-as-hackers.html
Cybersecurity rating report for Biolife, a wholly owned subsidiary of Merit Medical: https://www.rankiteo.com/company/biolife
"id": "bio4503245111125",
"linkid": "biolife",
"type": "Ransomware",
"date": "11/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Medical Devices',
'location': 'Florida, USA',
'name': 'Unnamed Florida Medical Device Company',
'type': 'Private Corporation'},
{'industry': ['Healthcare', 'Engineering'],
'name': 'Four Additional Victims (Medical/Engineering '
'Sectors)',
'type': ['Private Corporations',
'Potential Public Entities']},
{'customers_affected': 'None (per company statement)',
'industry': 'Cybersecurity',
'location': 'Chicago, Illinois, USA',
'name': 'DigitalMint',
'type': 'Incident Response Specialist'},
{'customers_affected': 'None (per company statement)',
'industry': 'Cybersecurity',
'location': 'Israel',
'name': 'Sygnia Consulting Ltd',
'type': 'Cybersecurity Consulting Firm'}],
'attack_vector': ['Ransomware-as-a-Service (BlackCat/ALPHV)',
'Unauthorized Access',
'Data Exfiltration',
'Insider Abuse of Privileges'],
'data_breach': {'data_encryption': True,
'data_exfiltration': True,
'sensitivity_of_data': ['Potentially high '
'(medical/engineering sector data)']},
'date_resolved': '2025-04-00',
'description': 'Three cybersecurity professionals—Kevin Tyler Martin (Texas), '
'Ryan Clifford Goldberg (Georgia), and an unnamed '
'Florida-based individual—were indicted for conducting '
'ransomware attacks using the BlackCat (ALPHV) strain between '
'May 2023 and April 2025. The group targeted five businesses '
'in the medical and engineering sectors, extorting nearly $2 '
'million in cryptocurrency, including a $1.96 million payment '
'from a Florida-based medical device company. The attackers '
'exploited their insider knowledge from roles at DigitalMint '
'and Sygnia Consulting Ltd. Charges include conspiracy to '
'interfere with interstate commerce by extortion, intentional '
'damage to protected computers, and extortion. BlackCat, a '
'Ransomware-as-a-Service (RaaS) operation, was notably open to '
'English-speaking affiliates, unlike other groups.',
'impact': {'brand_reputation_impact': ['Potential reputational damage to '
'victim organizations',
'Negative publicity for DigitalMint '
'and Sygnia due to insider '
'involvement'],
'data_compromised': True,
'financial_loss': '$1.96 million (paid by one victim); Total '
'demands ranged from $300,000 to $15.4 million',
'legal_liabilities': ['Ongoing legal proceedings against Martin '
'and Goldberg',
'Potential civil lawsuits from victims'],
'operational_impact': ['Fear of financial loss due to data '
'theft/encryption',
'Potential disruption to '
'medical/engineering operations'],
'systems_affected': True},
'initial_access_broker': {'high_value_targets': ['Medical and engineering '
'sector companies']},
'investigation_status': 'Ongoing (Trial Pending)',
'lessons_learned': ['Insider threats pose significant risks, even from '
'trusted cybersecurity professionals.',
'Ransomware-as-a-Service (RaaS) models enable low-barrier '
'entry for affiliates, including English speakers.',
'Technical controls and monitoring are critical but not '
'foolproof against determined insiders.',
'Organizations must balance trust in employees with '
'robust oversight mechanisms.'],
'motivation': 'Financial Gain',
'post_incident_analysis': {'root_causes': ['Abuse of insider privileges by '
'cybersecurity professionals with '
'specialized knowledge.',
'Lax oversight or detection '
'mechanisms for employees handling '
'ransomware negotiations/incident '
'response.',
'Profit-driven motivation '
'exploiting RaaS affordability and '
'accessibility.']},
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransom_demanded': ['$15.4 million (highest demand)',
'$1.96 million (paid by Florida medical '
'device company)',
'Ranged from $300,000 to $5 million in '
'other cases'],
'ransom_paid': '$1.96 million (by one victim)',
'ransomware_strain': 'BlackCat (ALPHV)'},
'recommendations': ['Enhance background checks and continuous monitoring for '
'employees in high-risk roles (e.g., incident response, '
'ransomware negotiation).',
'Implement stricter access controls and segregation of '
'duties for sensitive systems/data.',
'Develop insider threat detection programs with '
'behavioral analytics.',
'Foster a culture of ethical accountability and '
'whistleblowing in cybersecurity firms.',
'Collaborate with law enforcement proactively to disrupt '
'RaaS operations.'],
'references': [{'source': 'Information Age'},
{'source': 'US Department of Justice (Indictment)'},
{'source': 'Intel 471 (Cyber Threat Intelligence)'},
{'source': 'Exabeam Report on Insider Threats (2025)'},
{'source': "Archive.li (Ryan Goldberg's SANS Institute "
'Profile)',
'url': 'https://archive.li/...'}],
'regulatory_compliance': {'legal_actions': ['Indictments for conspiracy, '
'extortion, and computer damage',
'Ongoing trial (Martin pleaded '
'not guilty; Goldberg detained)']},
'response': {'communication_strategy': ['Public statements from DigitalMint '
'and Sygnia denying organizational '
'involvement',
'Media coverage of indictments'],
'law_enforcement_notified': True,
'third_party_assistance': ['FBI Investigation',
'Cooperation from DigitalMint and '
'Sygnia']},
'stakeholder_advisories': ['DigitalMint and Sygnia issued statements '
'distancing themselves from the criminal activity '
'and confirming cooperation with the FBI.',
'Victim organizations (e.g., Florida medical '
'device company) likely issued internal '
'advisories, though details are not public.'],
'threat_actor': [{'affiliation': 'BlackCat/ALPHV Affiliate',
'location': 'Texas, USA',
'name': 'Kevin Tyler Martin',
'role': 'Former Ransomware Negotiator at DigitalMint'},
{'affiliation': 'BlackCat/ALPHV Affiliate',
'location': 'Georgia, USA',
'name': 'Ryan Clifford Goldberg',
'role': 'Former Incident Response Supervisor at Sygnia '
'Consulting Ltd'},
{'affiliation': 'BlackCat/ALPHV Affiliate',
'location': 'Florida, USA',
'name': 'Unnamed Co-Conspirator',
'role': 'Unknown (Potential DigitalMint Employee)'},
{'affiliation': 'BlackCat/ALPHV Group (Defunct as of '
'December 2023)',
'name': 'BlackCat/ALPHV RaaS Operators',
'role': 'Ransomware Developers/Operators'}],
'title': 'Cybersecurity Professionals Indicted for BlackCat Ransomware '
'Attacks Yielding Nearly $2 Million',
'type': ['Ransomware Attack', 'Insider Threat', 'Data Theft', 'Extortion']}