US Justice Dept charges former cybersecurity employees in ransomware attack conspiracy
Experts warn that the incident highlights the urgent need for tighter internal controls, continuous monitoring, and ethical oversight in a sector increasingly responsible for defending critical national infrastructure from cyber threats.
In a stunning twist in the world of cybersecurity, the US Department of Justice (DOJ) has charged several former employees of companies specializing in ransomware negotiations with allegedly orchestrating cyberattacks against American firms.
The charges mark a dramatic reversal of roles, as individuals once tasked with defending victims of cybercrime now stand accused of perpetrating it.
According to the criminal complaint filed last month, the defendants played a key role in a series of ransomware attacks that targeted at least five US-based companies.
Among those charged are Kevin Tyler Martin and another unnamed employee, both of whom previously worked as ransom negotiators at DigitalMint, a company known for facilitating cryptocurrency payments in cyber ransom cases. They face three counts of computer hacking and extortion.
Also named in the indictment is Ryan Clifford Goldberg, former director of incident response at cybersecurity giant Sygnia. Goldberg is accused of participating in the same criminal conspiracy, which allegedly involved hacking corporate systems, stealing sensitive information, and deploying ransomware developed by the notorious ALPHV/BlackCat group.
The ALPHV/BlackCat operation runs on a “ransomware-as-a-service” model, in which malware developers supply encryption tools to affiliates—like the accused—who execute attacks and extort ransom payments. In return, the developers receive a share of the proceeds.
Court documents revealed that the defendants secured more than $1.2 million in ransom payments from a single victim—a medical device manufacturer based in Florida. Other known targets include a Virginia-based drone company and a Maryland pharmaceutical firm, among others.
In response to the allegations, Sygnia CEO Guy Segal confirmed that Goldberg had been an employee of the company but was terminated immediately after his involvement came to light.
He declined to provide further details, citing the ongoing FBI investigation. DigitalMint President Mark Greens also confirmed Martin’s employment at the time of the attacks but stated that the alleged activities were conducted outside his professional duties. He added that the company is fully cooperating with authorities and that the other accused individual may be a former employee.
The case underscores a troubling new challenge for the cybersecurity industry: insiders exploiting their access and expertise to carry out sophisticated crimes.
Experts warn that the incident highlights the urgent need for tighter internal controls, continuous monitoring, and ethical oversight in a sector increasingly responsible for defending critical national infrastructure from cyber threats.
