Former Cybersecurity Professionals Sentenced for BlackCat Ransomware Attacks
Two former employees of cybersecurity firms, Ryan Clifford Goldberg, 40, a former incident response manager at Sygnia, and Kevin Tyler Martin, 36, a ransomware negotiator at DigitalMint, were sentenced to four years in prison each for their roles in BlackCat (ALPHV) ransomware attacks. Alongside accomplice Angelo Martino, 41, the trio operated as affiliates between May and November 2023, targeting U.S. businesses in exchange for a 20% cut of ransom payments.
Victims included a Maryland pharmaceutical company, a Tampa medical device manufacturer, a California engineering firm, a Virginia drone manufacturer, and a California doctor’s office. The Tampa-based medical device company paid $1.27 million after receiving a $10 million ransom demand in May 2023, with funds laundered and split among the conspirators. Other victims faced demands ranging from $300,000 to $10 million, though additional payments remain unconfirmed.
U.S. Attorney Jason A. Reding Quiñones condemned the defendants for weaponizing their cybersecurity expertise to extort businesses, locking critical systems and stealing sensitive data. DigitalMint terminated both employees upon discovering their involvement, with CEO Jonathan Solomon denouncing their actions as a violation of ethical and legal standards.
BlackCat, linked to over 60 breaches between November 2021 and March 2022, has extorted at least $300 million from more than 1,000 victims as of September 2023, according to the FBI. The case highlights the growing threat of insider-enabled ransomware operations.
Maryland pharmaceutical company TPRM report: https://www.rankiteo.com/company/ondemandpharma
Virginia drone manufacturer TPRM report: https://www.rankiteo.com/company/west-virginia-university-school-of-medicine
California doctor’s office TPRM report: https://www.rankiteo.com/company/california-rural-legal-assistance-inc.
California engineering firm TPRM report: https://www.rankiteo.com/company/california-rural-legal-assistance-inc.
"id": "calwesond1777623928",
"linkid": "california-rural-legal-assistance-inc., west-virginia-university-school-of-medicine, ondemandpharma",
"type": "Ransomware",
"date": "5/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Healthcare/Pharmaceutical',
'location': 'Maryland, USA',
'name': 'Maryland pharmaceutical company',
'type': 'Pharmaceutical'},
{'industry': 'Healthcare/Medical Devices',
'location': 'Tampa, Florida, USA',
'name': 'Tampa medical device manufacturer',
'type': 'Medical Device Manufacturer'},
{'industry': 'Engineering',
'location': 'California, USA',
'name': 'California engineering firm',
'type': 'Engineering'},
{'industry': 'Defense/Aerospace',
'location': 'Virginia, USA',
'name': 'Virginia drone manufacturer',
'type': 'Drone Manufacturer'},
{'industry': 'Healthcare',
'location': 'California, USA',
'name': 'California doctor’s office',
'type': 'Medical Practice'}],
'attack_vector': 'Insider-enabled ransomware operations',
'data_breach': {'data_encryption': 'Yes (ransomware encryption)',
'data_exfiltration': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Sensitive data'},
'description': 'Two former employees of cybersecurity firms, Ryan Clifford '
'Goldberg and Kevin Tyler Martin, were sentenced to four years '
'in prison each for their roles in BlackCat (ALPHV) ransomware '
'attacks. They operated as affiliates between May and November '
'2023, targeting U.S. businesses in exchange for a 20% cut of '
'ransom payments. Victims included a Maryland pharmaceutical '
'company, a Tampa medical device manufacturer, a California '
'engineering firm, a Virginia drone manufacturer, and a '
'California doctor’s office.',
'impact': {'data_compromised': 'Sensitive data stolen',
'financial_loss': '$1.27 million (Tampa medical device company) + '
'unconfirmed payments from other victims',
'operational_impact': 'Extortion of businesses, disruption of '
'operations',
'systems_affected': 'Critical systems locked'},
'investigation_status': 'Closed (sentencing completed)',
'lessons_learned': 'Growing threat of insider-enabled ransomware operations; '
'need for stricter oversight of cybersecurity '
'professionals.',
'motivation': 'Financial gain',
'post_incident_analysis': {'corrective_actions': 'Termination of involved '
'employees; legal action',
'root_causes': 'Insider involvement; exploitation '
'of cybersecurity expertise for '
'malicious purposes'},
'ransomware': {'data_encryption': 'Yes',
'data_exfiltration': 'Yes',
'ransom_demanded': ['$300,000',
'$10 million',
'$1.27 million paid (Tampa medical device '
'company)'],
'ransom_paid': '$1.27 million (Tampa medical device company)',
'ransomware_strain': 'BlackCat (ALPHV)'},
'references': [{'source': 'U.S. Department of Justice'}, {'source': 'FBI'}],
'regulatory_compliance': {'legal_actions': 'Criminal sentencing (4 years in '
'prison for Goldberg and Martin)'},
'response': {'law_enforcement_notified': 'Yes (FBI involved)'},
'threat_actor': ['Ryan Clifford Goldberg',
'Kevin Tyler Martin',
'Angelo Martino'],
'title': 'Former Cybersecurity Professionals Sentenced for BlackCat '
'Ransomware Attacks',
'type': 'Ransomware'}