The Florida-based medical device company fell victim to a targeted ransomware attack executed by cybersecurity professionals Ryan Clifford Goldberg (incident response manager at Sygnia) and Kevin Tyler Martin (ransomware negotiator at DigitalMint) alongside an unnamed co-conspirator. The attackers deployed ALPHV/BlackCat ransomware, encrypting critical servers and exfiltrating sensitive data. The company faced immediate operational disruption and the threat of financial and reputational damage due to the theft of proprietary and potentially regulated data. Under duress, the company paid a ransom of $1.274 million in cryptocurrency to the attackers, despite the initial demand being $10 million. The incident occurred between May and November 2023, with the first intrusion dated around May 13, 2023. The attack not only compromised data integrity but also exposed systemic vulnerabilities, as the perpetrators leveraged their insider knowledge of cybersecurity practices to evade detection. The financial loss was compounded by potential long-term reputational harm, regulatory scrutiny, and the cost of recovery efforts, including forensic investigations and system restoration.
Source: https://www.theregister.com/2025/11/03/rogue_ransomware_negotiators/
TPRM report: https://www.rankiteo.com/company/surgentecllc
{
  "id": "sur2402124110425",
  "linkid": "surgentecllc",
  "type": "Ransomware",
  "date": "5/2023",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'industry': 'healthcare/medical devices',
'location': 'Tampa, Florida, USA',
'name': 'Medical Device Company (Tampa, FL)',
'type': 'private company'},
{'industry': 'pharmaceuticals',
'location': 'Maryland, USA',
'name': 'Pharmaceutical Firm (Maryland)',
'type': 'private company'},
{'industry': 'healthcare',
'location': 'California, USA',
'name': "Doctor's Office (California)",
'type': 'private practice/healthcare provider'},
{'industry': 'engineering',
'location': 'California, USA',
'name': 'Engineering Company (California)',
'type': 'private company'},
{'industry': 'aerospace/defense',
'location': 'Virginia, USA',
'name': 'Drone Manufacturer (Virginia)',
'type': 'private company'},
{'customers_affected': 'none (per company statement)',
'industry': 'cybersecurity/incident response',
'location': 'Illinois, USA',
'name': 'DigitalMint',
'type': 'private company'},
{'customers_affected': 'none (per company statement)',
'industry': 'cybersecurity/incident response',
'location': 'global',
'name': 'Sygnia Cybersecurity Services',
'type': 'private company'}],
'data_breach': {'data_encryption': 'yes (via ALPHV/BlackCat)',
'data_exfiltration': 'yes (prior to encryption)',
'sensitivity_of_data': 'high (per ransom demands)',
'type_of_data_compromised': 'sensitive corporate data '
'(specifics undisclosed)'},
'date_detected': '2023-05-13',
'date_publicly_disclosed': '2024-10-02',
'description': 'Ryan Clifford Goldberg (incident response manager at Sygnia) '
'and Kevin Tyler Martin (ransomware negotiator at '
'DigitalMint), along with an unnamed co-conspirator, allegedly '
'conducted ransomware attacks using ALPHV/BlackCat against '
'multiple US companies between May and November 2023. The '
'attacks targeted a Florida medical device company, a Maryland '
"pharmaceutical firm, a California doctor's office, a "
'California engineering company, and a Virginia drone '
'manufacturer. The Florida medical device company paid a '
'~$1.274M ransom in cryptocurrency after a $10M demand. The '
'other victims did not appear to pay ransoms. The indictment '
'does not specify initial access methods, but the first '
'intrusion occurred around May 13, 2023.',
'impact': {'brand_reputation_impact': 'potential reputational damage to '
'victims and employers (DigitalMint, '
'Sygnia)',
'data_compromised': 'sensitive corporate data (details '
'undisclosed)',
'financial_loss': '$1,274,000 (paid by Victim Company 1; other '
'financial impacts undisclosed)',
'legal_liabilities': 'indictment of perpetrators (Ryan Clifford '
'Goldberg, Kevin Tyler Martin, Co-Conspirator '
'1)',
'operational_impact': 'fear of financial loss (Victim Company 1); '
'disruption to business operations (all '
'victims)',
'systems_affected': ['servers (Victim Company 1)',
'networks (all victims)']},
'initial_access_broker': {'high_value_targets': ['medical device company (FL)',
'pharmaceutical firm (MD)',
"doctor's office (CA)",
'engineering company (CA)',
'drone manufacturer (VA)']},
'investigation_status': 'ongoing (FBI-led; indictments filed)',
'motivation': 'financial gain',
'post_incident_analysis': {'corrective_actions': ['termination of involved '
'employees (Sygnia)',
'cooperation with law '
'enforcement (DigitalMint, '
'Sygnia)',
'FBI investigation'],
'root_causes': ['insider threat (abuse of '
'cybersecurity expertise)',
'potential exploitation of '
'privileged access or knowledge '
'from employment at '
'DigitalMint/Sygnia']},
'ransomware': {'data_encryption': 'yes',
'data_exfiltration': 'yes',
'ransom_demanded': '$10,000,000 (Victim Company 1); amounts '
'for other victims undisclosed',
'ransom_paid': '$1,274,000 (Victim Company 1 only)',
'ransomware_strain': 'ALPHV/BlackCat'},
'references': [{'source': 'The Register',
'url': 'https://www.theregister.com/2024/10/04/ransomware_negotiator_indicted/'},
{'date_accessed': '2024-10-02',
'source': 'US Department of Justice Indictment (PDF)'}],
'regulatory_compliance': {'legal_actions': ['indictment of Ryan Clifford '
'Goldberg, Kevin Tyler Martin, '
'and Co-Conspirator 1 '
'(2024-10-02)']},
'response': {'communication_strategy': ['DigitalMint public statement '
'(denying involvement)',
'Sygnia public statement (confirming '
'termination of employee)'],
'law_enforcement_notified': 'yes (FBI led investigation)',
'third_party_assistance': ['FBI investigation',
'DigitalMint cooperation',
'Sygnia cooperation']},
'stakeholder_advisories': ['DigitalMint statement (2024-10-02)',
'Sygnia statement (2024-10-02)'],
'threat_actor': ['Ryan Clifford Goldberg',
'Kevin Tyler Martin',
"Unnamed Co-Conspirator (Land O'Lakes, FL)"],
'title': 'Cybersecurity Professionals Indicted for ALPHV/BlackCat Ransomware '
'Attacks on US Companies',
'type': ['ransomware', 'data breach', 'extortion']}