DOJ Accuses US Ransomware Negotiators of Launching Their Own Ransomware Attacks (techcrunch.com)
An anonymous reader quotes a report from TechCrunch: U.S. prosecutors have charged two rogue employees of a cybersecurity company that specializes in negotiating ransom payments to hackers on behalf of their victims with carrying out ransomware attacks of their own. Last month, the Department of Justice indicted Kevin Tyler Martin and another unnamed employee, who both worked as ransomware negotiators at DigitalMint, with three counts of computer hacking and extortion related to a series of attempted ransomware attacks against at least five U.S.-based companies.
Prosecutors also charged a third individual, Ryan Clifford Goldberg, a former incident response manager at cybersecurity giant Sygnia, as part of the scheme. The three are accused of hacking into companies, stealing their sensitive data, and deploying ransomware developed by the ALPHV/BlackCat group. [...] According to an FBI affidavit filed in September, the rogue employees received more than $1.2 million in ransom payments from one victim, a medical device maker in Florida. They also targeted several other companies, including a Virginia-based drone maker and a Maryland-headquartered pharmaceutical company.
Doors (Score:4, Insightful)
Behind door number one; we have a daily grind that pays $75k.
Behind door number two; we have three gigs paying $1.2mm.
Behind door number three; we have prison.
Re: (Score:2)
If you steal enough money you don't even go to prison.
Re:Doors (Score:4, Insightful)
Even if you do go to prison, today you can just buy a presidential pardon. (Never thought I'd be able to say that about the Untied States.)
Cut ransomware off at the knees... (Score:2)
Re: (Score:2)
What if hard drives, but tapes!
NO.
Re: (Score:2)
You don't actually know if it works if you haven't prevented or recovered from a Ransomware attack.
Cool? (Score:2)
You invented a ghetto tape library.
Sure, tape libraries are more expensive (new). But, there's no way I'm trusting that 3D printed jank-fest in production.
I have to wonder... (Score:2)
... two rogue employees ...
In this case maybe it's just two rogue employees. But for me the phrase that leapt immediately to mind is "business model". So I wonder how many ransomware attack cases are "negotiated" by colleagues of the hackers.
The Pet Shop Boys said it well: "Oh, there's a lot of opportunities / If you know when to take them, you know? / There's a lot of opportunities If there aren't, you can make them / Make or break them". Perhaps that has evolved from a popular song into a pervasive business model? After all, even
Re: (Score:2)
Sounds very much like the groups contracted to shut down Bitcoin scams. Somehow without fail huge amounts of coins go missing, every single time.
Backups or nothing. (Score:3)
If someone is telling you to negotiate and pay you are already being scammed a second time.
Re: (Score:1)
The negotiating for the decryption key has often been the only way organizations have been able to recover from ransomware. Ideally, people have backups, but the standard ransomware threat actor playbook includes the step of destroying all the backups prior to pushing out the ransomware. I will cross-post one of my relevant comments on last week's ransomware story:
Backups have been a sore spot with ransomware recovery the last several years. Most people have some sort of backups, but generally, one or more