In May 2023, the company fell victim to a targeted ALPHV BlackCat ransomware attack orchestrated by affiliates Ryan Clifford Goldberg and Kevin Tyler Martin. The attackers encrypted critical servers, crippling operations and exfiltrating sensitive data before demanding a $10 million ransom. Under duress, the company negotiated a reduced payment of $1.27 million in cryptocurrency to regain access to its systems. The incident caused major operational disruptions, including delays in medical device production and supply chain interruptions, while exposing proprietary and potentially regulated data. The financial strain extended beyond the ransom, encompassing forensic investigations, system restoration, and reputational damage. As a healthcare-adjacent entity, the breach raised concerns about patient safety risks tied to device functionality and data integrity. The attack was part of a broader ALPHV campaign targeting U.S. infrastructure, with federal prosecutors later linking it to a structured ransomware-as-a-service (RaaS) operation involving dark web negotiations and cryptocurrency laundering.
Source: https://cyberpress.org/experts-arrested-alphv-blackcat/
TPRM report: https://www.rankiteo.com/company/conmed-corporation
"id": "con2732427110525",
"linkid": "conmed-corporation",
"type": "Ransomware",
"date": "5/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'medical devices',
'location': 'Tampa, Florida, USA',
'name': 'Tampa-based medical device company',
'type': 'private'},
{'industry': 'pharmaceuticals',
'location': 'Maryland, USA',
'name': 'Maryland pharmaceutical company',
'type': 'private'},
{'industry': 'healthcare',
'location': 'California, USA',
'name': 'California-based doctor’s office',
'type': 'private'},
{'industry': 'engineering',
'location': 'California, USA',
'name': 'California engineering firm',
'type': 'private'},
{'industry': 'aerospace/defense (drones)',
'location': 'Virginia, USA',
'name': 'Virginia drone manufacturer',
'type': 'private'}],
'attack_vector': ['phishing/social engineering (likely)',
'exploiting vulnerabilities',
'dark web negotiation panel'],
'data_breach': {'data_encryption': True,
'data_exfiltration': True,
'personally_identifiable_information': 'likely (healthcare '
'targets)',
'sensitivity_of_data': 'high',
'type_of_data_compromised': ['sensitive corporate data',
'potentially PII/PHI (healthcare '
'targets)']},
'date_publicly_disclosed': '2025-10-02',
'description': 'Federal prosecutors charged Ryan Clifford Goldberg and Kevin '
'Tyler Martin with orchestrating a sophisticated ransomware '
'operation using the ALPHV BlackCat strain. The duo targeted '
'at least five major U.S. corporations across medical device, '
'pharmaceutical, engineering, and drone manufacturing sectors '
'between May 2023 and April 2025. The attacks involved data '
'theft, encryption, and ransom demands totaling tens of '
'millions in cryptocurrency. The case highlights federal '
'efforts to combat ransomware-as-a-service (RaaS) operations '
'and their affiliates.',
'impact': {'brand_reputation_impact': 'significant (due to high-profile '
'attacks)',
'data_compromised': True,
'downtime': True,
'financial_loss': 'tens of millions (cryptocurrency ransom '
'payments)',
'legal_liabilities': ['federal charges (extortion, computer '
'damage)',
'asset forfeiture'],
'operational_impact': 'major disruptions across targeted sectors',
'systems_affected': ['servers', 'operational systems']},
'initial_access_broker': {'backdoors_established': True,
'high_value_targets': ['medical device companies',
'pharmaceutical firms',
'engineering firms',
'drone manufacturers']},
'investigation_status': 'ongoing prosecution (charges filed as of October 2, '
'2025)',
'lessons_learned': "The case demonstrates the federal government's ability to "
'trace ransomware affiliates despite cryptocurrency use, '
'signaling increased legal risks for RaaS participants. It '
'also highlights the persistent threat of RaaS models to '
'critical infrastructure sectors.',
'motivation': 'financial gain',
'post_incident_analysis': {'root_causes': ['Likely initial access via '
'phishing or unpatched '
'vulnerabilities',
'Inadequate segmentation allowing '
'lateral movement',
'Lack of immutable backups forcing '
'ransom payments']},
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransom_demanded': ['$10 million (Tampa medical device '
'company)',
'$5 million (California doctor’s office)',
'$1 million (California engineering firm)',
'$300,000 (Virginia drone manufacturer)',
'unspecified (Maryland pharmaceutical '
'company)'],
'ransom_paid': ['$1.27 million (Tampa medical device company)'],
'ransomware_strain': 'ALPHV BlackCat'},
'recommendations': ['Enhance endpoint detection and response (EDR) '
'capabilities to detect ransomware early.',
'Implement robust backup and recovery plans to mitigate '
'ransomware impact.',
'Conduct regular security awareness training to prevent '
'initial access via phishing.',
'Monitor dark web forums for stolen data or ransomware '
'negotiations.',
'Collaborate with law enforcement to disrupt RaaS '
'operations.'],
'references': [{'date_accessed': '2025-10-02',
'source': 'U.S. Department of Justice (Southern District of '
'Florida)'}],
'regulatory_compliance': {'legal_actions': ['federal prosecution (extortion, '
'computer damage)',
'asset forfeiture']},
'response': {'containment_measures': ['ransom negotiations',
'decryption tool acquisition '
'(post-payment)'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'recovery_measures': ['system restoration (post-ransom '
'payment)']},
'threat_actor': ['Ryan Clifford Goldberg', 'Kevin Tyler Martin'],
'title': 'ALPHV BlackCat Ransomware Attacks by Cybersecurity Professionals '
'(2023-2025)',
'type': ['ransomware', 'data breach', 'extortion']}