Cyber incident responders Ryan Goldberg and Kevin Martin have each been sentenced to four years in prison for their involvement in covert ransomware attacks. The two men, aged 40 and 36 respectively, pleaded guilty in December to one count of conspiracy to obstruct commerce by extortion.
Goldberg, who worked for incident response firm Sygnia, and Martin, a ransomware negotiator for DigitalMint, launched ALPHV/BlackCat ransomware attacks between April and December 2023, abusing their cyber incident response positions to extort victims. They worked alongside another co-conspirator, Angelo Martino, to launch several attacks, but only successfully extorted one company, earning $1.2 million from the incident.
Ransomware Attacks and Extortion
Prosecutors stated that the men harmed important companies that were providing critical services and "played hardball with them, going so far as to cause the leak of patient data from a doctor’s office victim." Assistant Attorney General Andrew Tysen Duva said, "These were supposed to be cybersecurity specialists who did good and helped businesses and people."
FBI Assistant Director Brett Leatherman noted that the FBI had to track Goldberg through 10 countries after he fled abroad before his arrest. The sentences come one week after Martino pleaded guilty to the same charge.
Co-Conspirator's Involvement
Martino stood out among the three because, on top of carrying out attacks with Goldberg and Martin, he coordinated with ransomware gangs while purportedly negotiating ransoms on behalf of five victims. Ransomware gangs paid him a fee for confidential information about victim companies, and he helped cybercriminals obtain the largest ransom possible by notifying them of the victims’ insurance policy limits.
Several of the ransoms he negotiated were massive, with some reaching as much as $26 million. Law enforcement seized about $10 million worth of assets from Martino. He will be sentenced on July 9 and is facing 20 years in prison.
Consequences and Reforms
DigitalMint, the company that employed Martino and Martin, has instituted several new controls that mandate all negotiations be conducted over cloud-based platforms that can be audited and logged. One of the company’s founders will now personally oversee all negotiations. Ransom negotiators at DigitalMint will also have their information given to the Department of Homeland Security for oversight.
The case highlights the importance of vigilance and accountability in the cybersecurity industry, particularly among incident responders and ransom negotiators. As the threat of ransomware attacks continues to grow, it is essential for companies to implement robust security measures and ensure that their employees are trustworthy and transparent in their dealings.
- Ryan Goldberg, 40, sentenced to 4 years in prison
- Kevin Martin, 36, sentenced to 4 years in prison
- Angelo Martino pleaded guilty, facing 20 years in prison
- DigitalMint institutes new controls for ransom negotiations
The sentences handed down to Goldberg and Martin serve as a warning to those who would abuse their positions of trust in the cybersecurity industry. As Assistant Attorney General Duva noted, "These were supposed to be cybersecurity specialists who did good and helped businesses and people." Instead, they chose to engage in illicit activities, causing harm to innocent companies and individuals.
The case is a reminder that the cybersecurity industry must remain vigilant and proactive in preventing such abuses of power. By implementing robust security measures and ensuring accountability among incident responders and ransom negotiators, companies can help protect themselves and their clients from the growing threat of ransomware attacks.
Source: The Record