The victims and the demands: The indictment cited at least five victim organizations: a Florida medical-device company, a Maryland pharmaceutical manufacturer, a California doctor’s office, a California engineering firm, and a Virginia-based drone company. On May 13, 2023, the conspirators allegedly attacked the Florida firm, demanding $10 million and receiving roughly $1.27 million in cryptocurrency. Two months later, they hit the California medical practice, seeking $5 million, followed by attacks in October and November 2023 that targeted engineering and drone companies, respectively.According to investigators, the group often returned to previously compromised networks to increase pressure on victims or demand additional payments.It can also be recalled that in October 2024, Personal health information of 100 million individuals was stolen during a ransomware attack on Change Healthcare, a unit of UnitedHealth, and a ransom of $22 million was paid. This attack was then attributed to the ALPHV/BlackCat ransomware group.However, CSO could not independently verify if the current indictment and the UnitedHealth ransomware attack are related.
The legal charges and investigation: Goldberg, Martin, and the unnamed co-conspirator were charged with conspiracy to interfere with commerce by extortion and intentional damage to protected computers, as described in the court filing. Each charge carried the possibility of significant prison time, and prosecutors sought forfeiture of assets derived from the alleged attacks, including cryptocurrency wallets.Each extortion charge carried up to 20 years in prison, while the computer-damage count carried up to 10 years. Prosecutors also sought forfeiture of any assets derived from the attacks, including cryptocurrency wallets.”The ransom funds were moved through various wallet addresses, making tracing efforts complex,” the FBI wrote, adding that cooperation with overseas exchanges and law enforcement agencies was key to tracking the money flow.
Corporate responses raise insider threat questions: Sygnia confirmed Goldberg’s employment and stated he was “terminated immediately upon learning of the situation.” The company said it is not a target of the investigation, but “We are continuing to work closely with the Federal Bureau of Investigation. We cannot provide further comment on the ongoing federal investigation.”DigitalMint did not respond to a request for comment.The case highlights insider threat risks within the cybersecurity services industry itself. Both defendants held positions requiring deep knowledge of ransomware operations and incident response. Martin’s role as a ransomware negotiator would have provided insight into victim psychology, payment processes, and cryptocurrency transactions. Goldberg’s incident response background meant understanding how organizations detect and respond to breaches.ALPHV BlackCat emerged in late 2021 and became one of the most prolific ransomware operations globally, attacking “hundreds of institutions around the world,” including medical facilities, school districts, law firms, and financial firms, according to the indictment.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4084031/cybersecurity-experts-charged-with-running-blackcat-ransomware-operation.html
