Two former workers of cybersecurity firms that offered companies serving to companies fight hackers have been indicted and accused of taking part in a conspiracy, outdoors of their day jobs, to hack a number of US firms and extort them for tens of millions of {dollars}.
The two men are accused of deploying ransomware utilized by a prolific cybercriminal gang in assaults in 2023 in opposition to a medical machine agency in Florida, a pharmaceutical agency in Maryland and a drone maker in Virginia, amongst different alleged victims.
Kevin Tyler Martin of Roanoke, Texas, and Ryan Clifford Goldberg of Watkinsville, Georgia, face matching federal fees together with interfering in interstate commerce by way of extortion and deliberately damaging a protected pc, in keeping with an indictment filed within the US Southern District of Florida final month.
The men — and an unnamed alleged co-conspirator — are accused of demanding roughly $10 million from the Florida-based medical machine maker to unlock the agency’s information, and in the end acquired about $1.27 million, in keeping with the indictment.
Attorneys for Martin and Goldberg declined to remark.
It’s a case of cyber consultants allegedly switching sides within the struggle in opposition to ransomware. The thriving ransomware market has grown right into a menace that has disrupted vital companies throughout the US and price the financial system billions of {dollars}.
Cybersecurity firms typically work very carefully with the FBI and worldwide regulation enforcement to trace down and accumulate proof on ransomware gangs, which function throughout borders and time zones. Many outstanding safety firms have been integral to serving to regulation enforcement put accused ransomware operators in cuffs.
“Companies, governments and people put a lot of trust in us to try to keep them safe,” Allan Liska, who has tracked ransomware for years for cybersecurity agency Recorded Future, advised NCS. “Incidents like this erode that trust and make an already difficult job even more challenging.”
The Chicago Sun-Times first reported on the indictment.
Martin worked for DigitalMint, an Illinois-based agency that helps victims recuperate from ransomware assaults and in some instances pays ransoms, in keeping with its web site. Goldberg worked for Sygnia Cybersecurity Services, a multinational agency whose choices embrace simulating ransomware assaults for shoppers.
Martin acted “completely outside the scope of his employment,” DigitalMint mentioned in an announcement to NCS on Monday. “As expected, the indictment does not allege that the company had any knowledge of or involvement in the criminal activity. DigitalMint has been and continues to be a cooperating witness in the investigation and not an investigative target.”
“The charged conduct took place outside of DigitalMint’s infrastructure and systems,” DigitalMint’s assertion continued. “The co-conspirators did not access or compromise client data as part of the charged conduct.”
DigitalMint mentioned the unnamed co-conspirator who’s listed as a defendant within the indictment “may have also been a company employee.”
“No one potentially involved in the charged scheme has worked at the company in over 4 months,” DigitalMint mentioned.
Sygnia Cybersecurity Services mentioned it terminated Goldberg’s employment “immediately upon learning of the situation.”
“While Sygnia is not a target of this investigation, we are continuing to work closely with the Federal Bureau of Investigation,” Sygnia mentioned in its assertion. “We cannot provide further comment on the ongoing federal investigation.”
In their alleged assaults, Martin and Goldberg are accused of utilizing a ransomware referred to as ALPHV, one of the extra prolific strains of ransomware lately. Like others within the ransomware ecosystem, ALPHV’s builders promote the code to hackers and then share the proceeds of the assaults, in keeping with prosecutors and cyber consultants.
ALPHV was allegedly utilized in a debilitating ransomware assault final yr on insurance coverage billing big Change Healthcare, which reduce off well being suppliers from billions in income and snarled service at pharmacies throughout the US. Martin and Goldberg usually are not accused of involvement in that assault.