Two US cybersecurity professionals have been sentenced to four years in prison after using their specialist tech skills to participate in a spree of ransomware attacks.

Texas man Kevin Martin, 36, and Georgia man Ryan Goldberg, 40, were sentenced late last week in a US district court in Florida.

The two men received their four-year prison sentences after they and another co-conspirator, previously unnamed Florida man Angelo Martino, 41, used a ransomware strain from infamous cybercriminal gang ALPHV BlackCat to target a slew of victims throughout 2023.

Martin, a father of five with six years’ experience in the US Marine Corps, allegedly conspired to hack five separate businesses while working as a ransomware negotiator for Chicago-based incident response specialist DigitalMint.

“These mistakes he's made were wrong,” read a character reference from Martin’s life partner.

“I’ve witnessed first-hand how deeply he’s struggled with guilt and remorse since.”

Goldberg, who served in the US military before supervising incident response at Israel-based cybersecurity consulting firm Sygnia Consulting, faced the same allegations after providing “initial access” into networks that the trio hacked, according to court documents.

“The irony that he became the very threat he worked for years to fight against is not lost on him, and he understands the severity of his conduct given his background,” read Goldberg’s Memorandum in Aid of Sentencing.

The Department of Justice (DOJ) said Goldberg, Martin and Martino successfully extorted one victim – a medical device company in Florida – of approximately $1.6 million (US$1.2 million) in cryptocurrency Bitcoin.

The duo pleaded guilty in December to one count of “conspiracy to obstruct, delay or affect commerce or the movement of any article or commodity in commerce by extortion”.

DigitalMint and Sygnia have been contacted for comment.

Neither company was accused of being involved in their former employees’ crimes.

How much money did they earn?

The three men agreed to pay BlackCat admins a 20 per cent share of any successful ransoms under the gang’s Ransomware-as-a-Service model.

This meant access to BlackCat’s ransomware and its associated extortion platform, which typically included an affiliate control panel that featured updates, troubleshooting tips and general announcements about using the ransomware.

BlackCat developers performed ongoing maintenance and patches for the virus, while affiliates were responsible for “identifying and attacking high-value victim institutions”, the DOJ explained.

Multiple US victims were targeted between April and December 2023, with ransom demands ranging from US$300,000 to US$5 million.

Goldberg and Martin’s largest payment was the $1.6 million ransom – though the men first tried to demand US$10 million.

After the men and their co-conspirator paid their dues to BlackCat, the remaining 80 per cent of this ransom payment was split three ways and laundered through “various means”.

The other four victims refused to pay a ransom.

Goldberg flees

Brett Leatherman, assistant director of the Federal Bureau of Investigation’s (FBI) cyber division, said Goldberg “sought to flee abroad and escape prosecution”, but was ultimately tracked through ten countries.

“Today’s sentencings show that ransomware criminals can operate anywhere, including right here in the United States,” said Leatherman.

“Goldberg and Martin leveraged their technical skills and cyber security knowledge to extort millions from victims across the US but the FBI’s global reach ensured that they ultimately faced justice.”

The third man

Goldberg and Martin were allegedly assisted by Martino, who, according to Cyberscoop, also performed work for DigitalMint.

The DOJ noted that, in addition to conspiring with Goldberg and Martin, Martino “abused his role” as a professional ransomware negotiator.

While negotiating on behalf of five different ransomware victims, Martino allegedly fed information about their negotiating positions, insurance limits, and strategies back to BlackCat to maximise ransom payouts.

“This client absolutely needs the decryptor so maybe focus on threatening deletion of the decryptor,” read an alleged chat exchange between Martino and BlackCat.

As of 20 April, law enforcement had seized US$10 million of assets from Martino, including digital currency, vehicles, a food truck, and a luxury fishing boat.

Martino has pleaded guilty to an extortion-related charge with sentencing expected 9 July.

BlackCat gradually disbanded after being hit by a significant law enforcement operation in December 2023, in which the FBI developed a BlackCat-tailored decryption tool that reportedly saved victims approximately US$99 million in ransom payments.