Three individuals in the United States have been accused by federal prosecutors of hacking into the networks of five U.S. companies using BlackCat ransomware between May and November 2023, extorting them for financial gain.
Ryan Clifford Goldberg, Kevin Tyler Martin, and an unidentified co-conspirator, all American citizens based in Florida, allegedly targeted a variety of businesses including a medical device company in Tampa, a pharmaceutical company in Maryland, a doctor’s office in California, an engineering firm in California, and a drone manufacturer in Virginia.
An indictment reported by the Chicago Sun-Times revealed that Martin and the co-conspirator were working as ransomware threat negotiators for DigitalMint, while Goldberg was an incident response manager at cybersecurity company Sygnia during the time of the attacks.
All three individuals are no longer employed by their respective companies, with both DigitalMint and Sygnia cooperating with law enforcement. In a separate investigation, the FBI was reportedly looking into a former DigitalMint employee for allegedly taking a portion of ransomware payments.
According to the indictment, Goldberg, Martin, and the co-conspirator conspired to access company networks unlawfully, steal data, install BlackCat ransomware, demand cryptocurrency payments, and share the profits among themselves.
- In May 2023, the medical device company paid approximately $1,274,000 in virtual currency out of a $10,000,000 ransom demand.
- In May 2023, an unspecified ransom was demanded from another company.
- In July 2023, the doctor’s office faced a $5,000,000 ransom demand.
- In October 2023, the engineering company was asked for $1,000,000.
- In November 2023, the drone manufacturer was targeted for $300,000.
While financial demands were unsuccessful with other victims, Martin has pleaded not guilty, while Goldberg admitted to participating in the attacks to alleviate personal debt. Both face charges including conspiracy to extort, interference with commerce, and damage to protected computers, potentially leading to up to 50 years in prison.
