Two men accused of hacking and extorting US companies

Two former employees of cybersecurity firms that sold services helping companies combat hackers have been indicted and accused of participating in a conspiracy, outside of their day jobs, to hack multiple US firms and extort them for millions of dollars.

The two men are accused of deploying ransomware used by a prolific cybercriminal gang in attacks in 2023 against a medical device firm in Florida, a pharmaceutical firm in Maryland and a drone maker in Virginia, among other alleged victims.

Kevin Tyler Martin of Roanoke, Texas, and Ryan Clifford Goldberg of Watkinsville, Georgia, face matching federal charges including interfering in interstate commerce through extortion and intentionally damaging a protected computer, according to an indictment filed in the US Southern District of Florida last month.

The men — and an unnamed alleged co-conspirator — are accused of demanding approximately $10 million from the Florida-based medical device maker to unlock the firm’s data, and ultimately received about $1.27 million, according to the indictment.

The Chicago Sun-Times first reported on the indictment.

Martin worked for DigitalMint, an Illinois-based firm that helps victims recover from ransomware attacks and in some cases pays ransoms, according to its website. Goldberg worked for Sygnia Cybersecurity Services, a multinational firm whose offerings include simulating ransomware attacks for clients.

Martin acted “completely outside the scope of his employment,” DigitalMint said in a statement to CNN on Monday. “As expected, the indictment does not allege that the company had any knowledge of or involvement in the criminal activity. DigitalMint has been and continues to be a cooperating witness in the investigation and not an investigative target.”

“The charged conduct took place outside of DigitalMint’s infrastructure and systems,” DigitalMint’s statement continued. “The co-conspirators did not access or compromise client data as part of the charged conduct.”

DigitalMint said the unnamed co-conspirator who is listed as a defendant in the indictment “may have also been a company employee.”

“No one potentially involved in the charged scheme has worked at the company in over 4 months,” DigitalMint said.

Sygnia Cybersecurity Services said it terminated Goldberg’s employment “immediately upon learning of the situation.”

“While Sygnia is not a target of this investigation, we are continuing to work closely with the Federal Bureau of Investigation,” Sygnia said in its statement. “We cannot provide further comment on the ongoing federal investigation.”

In their alleged attacks, Martin and Goldberg are accused of using a ransomware known as ALPHV, one of the more prolific strains of ransomware in recent years. Like others in the ransomware ecosystem, ALPHV’s developers sell the code to hackers and then share the proceeds of the attacks, according to prosecutors and cyber experts.

ALPHV was allegedly used in a debilitating ransomware attack last year on insurance billing giant Change Healthcare, which cut off health providers from billions in revenue and snarled service at pharmacies across the US. Martin and Goldberg are not accused of involvement in that attack.