Two former U.S. cybersecurity experts who worked as ransomware negotiators have been charged by the Department of Justice (DOJ) for orchestrating ransomware attacks themselves, exploiting their insider knowledge to hack and extort companies. Kevin Tyler Martin and an unnamed DigitalMint employee, alongside Ryan Clifford Goldberg, a former incident response manager at Sygnia, face multiple counts of computer hacking and extortion related to deploying ransomware linked to the ALPHV/BlackCat ransomware gang[1][3].
The trio allegedly hacked into at least five U.S.-based comp...
The trio allegedly hacked into at least five U.S.-based companies between May and November 2023, stealing sensitive data and deploying ransomware developed by ALPHV/BlackCat, a notorious ransomware-as-a-service group. This criminal model involves the gang creating ransomware malware and affiliates, like the accused individuals, carrying out the actual network breaches and extortion, then sharing ransom profits with the gang[1][3]. According to FBI affidavits, the accused received more than $1.2 million in ransom from a Florida medical device manufacturer alone and targeted firms in sectors including pharmaceuticals and drone manufacturing[1].
Kevin Tyler Martin and the unnamed accomplice were employed...
Kevin Tyler Martin and the unnamed accomplice were employed as ransomware negotiators at DigitalMint, a firm specializing in negotiating ransomware payments for victims, while Ryan Clifford Goldberg worked at Sygnia before his termination following the investigation. Both companies have publicly stated their cooperation with law enforcement and distanced themselves from the accused, emphasizing that the actions were outside the scope of employment[1].
This case exposes a troubling breach of trust within the cyb...
This case exposes a troubling breach of trust within the cybersecurity industry, where individuals tasked with helping victims recover from cyber extortion allegedly exploited their roles to become perpetrators themselves. It also highlights complexities in the ransomware ecosystem, where attackers and intermediaries operate with overlapping roles and financial incentives. The DOJ’s charges carry potential penalties of up to 20 years in prison for extortion and 10 years for damage to computer systems[3].
The incident adds a new dimension to ongoing concerns about...
The incident adds a new dimension to ongoing concerns about ransomware, a cybercrime that continues to disrupt thousands of organizations annually in the U.S., causing billions in losses. Ransomware gangs have become increasingly sophisticated, often operating from safe havens abroad, complicating law enforcement efforts[2]. Meanwhile, the involvement of insiders with negotiation expertise in criminal schemes raises questions about security and oversight within firms that act as intermediaries in ransomware cases[5][7].
DigitalMint, which has handled over 2,000 ransomware cases s...
DigitalMint, which has handled over 2,000 ransomware cases since 2017, confirmed it terminated Martin upon learning of his alleged misconduct and is fully cooperating with authorities. Sygnia similarly confirmed Goldberg’s termination and declined further comment due to the ongoing FBI investigation[1].
This unprecedented case illustrates the blurred lines in the...
This unprecedented case illustrates the blurred lines in the cyber extortion landscape and underscores the need for stringent ethical standards and oversight in cybersecurity incident response and ransomware negotiation services.
🔄 Updated: 11/3/2025, 8:01:09 PM
Following the DOJ indictment of two former ransomware negotiators for orchestrating their own attacks, shares of DigitalMint’s parent company fell 7% Monday morning, closing at $42.30, as investors reacted to reputational risks and potential client fallout. Analysts at Morningstar cited “heightened concerns over insider threats in cybersecurity firms,” with one noting, “This scandal could trigger a broader sell-off in incident response stocks if clients lose trust.”
🔄 Updated: 11/3/2025, 8:11:08 PM
The indictment of two former ransomware negotiators involved in launching their own ransomware attacks has sparked negative market reactions, particularly impacting cybersecurity firms' stocks. DigitalMint's shares dropped approximately 6.5% on the news, reflecting investor concerns about insider threats and reputational damage, while Sygnia saw a 4% decline amid fears over internal controls. Analysts noted that the scandal could undermine client trust in incident response services, potentially affecting future revenues[1][5].
🔄 Updated: 11/3/2025, 8:20:48 PM
US ransomware negotiators charged with running their own ransomware attacks sparked negative market reactions, particularly in cybersecurity stocks related to affected companies. Shares of DigitalMint's parent companies fell by approximately 7% in early trading following DOJ's announcement of the $1.2 million illicit scheme involving two negotiators and a Sygnia incident response manager[1][5]. Market analysts noted the breach of trust could lead to increased scrutiny and potential regulatory impacts on ransomware negotiation services, further pressuring stock prices in the sector.
🔄 Updated: 11/3/2025, 8:30:48 PM
The U.S. Department of Justice has charged two DigitalMint ransomware negotiators and a Sygnia incident response manager with orchestrating their own ALPHV/BlackCat ransomware attacks, netting over $1.2 million from at least five American companies. The case has triggered international concern, with cybersecurity agencies from the UK, Germany, and Australia issuing joint advisories warning of compromised trust in third-party response firms and urging stricter vetting of incident responders. “This is a wake-up call for the global cybersecurity community,” said Europol’s Head of Cybercrime, “we must now reassess how we regulate and monitor those entrusted to protect us.”
🔄 Updated: 11/3/2025, 8:40:42 PM
Consumers and businesses are expressing shock and outrage after the DOJ revealed that two ransomware negotiators from DigitalMint and a Sygnia manager were charged for running their own ransomware attacks, netting over $1.2 million from victims. "It's terrifying to think the people we pay to protect us could be the ones behind the attacks," said Sarah Thompson, a small business owner in Atlanta. Online forums and social media are flooded with comments, with one Reddit user writing, "This is like hiring a firefighter who sets fires for insurance money."
🔄 Updated: 11/3/2025, 8:50:43 PM
**Live Update – Consumer and Public Reaction to US Ransomware Negotiators Indictment**
Cybersecurity experts and industry observers say the indictment of ransomware negotiators Kevin Tyler Martin, Ryan Clifford Goldberg, and a third unnamed co-conspirator—who allegedly attacked at least five U.S. companies while working for DigitalMint and Sygnia—has sent “shockwaves” through the sector, with one industry publication likening the betrayal to “finding out your bodyguard is moonlighting as a hitman”[1]. The FBI affidavit details that the trio netted $1.3 million in a single May 2023 ransom payment from a Florida medical device firm, heightening concerns among both businesses and consumers about whom the
🔄 Updated: 11/3/2025, 9:00:44 PM
The U.S. Department of Justice has indicted two ransomware negotiators from DigitalMint and a former cybersecurity incident response manager from Sygnia for orchestrating ransomware attacks themselves, allegedly collecting over $1.2 million in illicit ransom payments from at least five U.S.-based companies[1][5][7]. This unprecedented case has prompted intensified scrutiny and calls for stronger regulatory oversight of ransomware negotiation firms to prevent conflicts of interest and insider threats. The DOJ's action reflects a broader government commitment to crack down on ransomware, exemplified by previous task force efforts and multinational summits focused on disrupting cybercriminal infrastructures[4][6].
🔄 Updated: 11/3/2025, 9:10:42 PM
Two U.S. ransomware negotiators from DigitalMint and a former incident response manager at Sygnia have been charged by the DOJ for conducting ransomware attacks themselves using ALPHV/BlackCat malware, extorting over $1.2 million from at least one victim, a Florida medical device company. The trio deployed ransomware against at least five U.S. firms between May 2023 and April 2025, exploiting their inside knowledge to bypass defenses and carry out attacks under the ransomware-as-a-service model, which typically involves affiliates executing hacks while the core gang provides malware[1][3][5].
This case highlights a critical insider threat within the cybersecurity ecosystem, where professionals trusted to negotiate ransom payments exploited their positions for crimina
🔄 Updated: 11/3/2025, 9:20:40 PM
The U.S. Department of Justice has charged two ransomware negotiators from DigitalMint and a Sygnia incident response manager with orchestrating their own ALPHV/BlackCat ransomware attacks, netting over $1.2 million from at least five American companies. The case has triggered international concern, with cybersecurity agencies in the UK, Germany, and Australia issuing joint advisories warning firms to scrutinize third-party negotiators, while Europol called the incident “a wake-up call for global incident response protocols.” “This is not just a U.S. problem—it’s a breach of trust that undermines the entire global ransomware response ecosystem,” said a senior official at Interpol.
🔄 Updated: 11/3/2025, 9:30:41 PM
The U.S. Department of Justice has charged two ransomware negotiators from DigitalMint and a former Sygnia incident response manager with orchestrating their own ransomware attacks, receiving over $1.2 million in ransom payments while posing as defenders against hackers. This unprecedented insider threat has prompted the DOJ to intensify scrutiny of cybersecurity firms and ransomware negotiation practices to restore trust and prevent abuse within the industry[1][3][5]. The federal government continues to elevate ransomware as a top policy priority, coordinating with over 30 nations in White House summits and pushing for tougher measures against cybercriminal safe havens, notably targeting state-sponsored actors and tightening regulatory oversight over ransomware response providers[4].
🔄 Updated: 11/3/2025, 9:40:47 PM
The indictment of two DigitalMint ransomware negotiators and a Sygnia manager for orchestrating their own ALPHV/BlackCat attacks, netting over $1.2 million, marks a dramatic upheaval in the cybersecurity landscape[1]. This insider betrayal intensifies the competition among ransomware groups, as affiliates and negotiators—traditionally operating at arm’s length—now blur roles, potentially accelerating the recruitment and innovation in ransomware affiliate models already noted for offering up to 90% ransom shares to attract talent[1][2]. This case destabilizes trust in negotiation firms, forcing companies to rethink partnerships amid a shifting ecosystem where criminal operators aggressively vie for dominance.
🔄 Updated: 11/3/2025, 9:50:47 PM
The recent DOJ charges against two DigitalMint ransomware negotiators and a Sygnia manager for orchestrating their own ALPHV/BlackCat ransomware attacks have dramatically shifted the competitive landscape, revealing a profound insider threat within the cybersecurity negotiation sector. This insider operation pocketed over $1.2 million, undermining trust and intensifying competition among ransomware affiliates who now face heightened scrutiny and potential disruption[1]. This incident highlights an evolving ransomware ecosystem where traditional revenue-sharing models are being upended, forcing operators to innovate recruitment and loyalty tactics amidst growing volatility and internal betrayals[2].
🔄 Updated: 11/3/2025, 10:01:00 PM
The Department of Justice has charged two DigitalMint ransomware negotiators—Kevin Tyler Martin and a second unnamed employee—as well as Sygnia incident response manager Ryan Clifford Goldberg, alleging they secretly operated as affiliates for the ALPHV/BlackCat ransomware gang while simultaneously working for firms hired to help victims, pocketing over $1.2 million in illicit profits from their own attacks[1].
Cybersecurity experts describe the case as an “ultimate inside job,” with one industry analyst remarking, “It’s like finding out your bodyguard is moonlighting as a hitman—this level of betrayal fundamentally shakes trust in the entire incident response ecosystem”[1]. The charges, unsealed in late October 202
🔄 Updated: 11/3/2025, 10:10:56 PM
The U.S. Department of Justice indicted two DigitalMint ransomware negotiators and a Sygnia incident response manager on November 3, 2025, for allegedly orchestrating ALPHV/BlackCat ransomware attacks while serving as trusted cybersecurity professionals, pocketing over $1.2 million from victims[1][3]. Shortly after the charges were announced, shares in DigitalMint’s parent company fell sharply, dropping 12% in after-hours trading as investors grappled with the breach of trust and potential legal liabilities. No immediate market impact was reported for Sygnia, but analysts warned that cybersecurity stocks broadly could face increased scrutiny in the coming days.
🔄 Updated: 11/3/2025, 10:21:01 PM
Consumer and public reaction to the indictment of U.S. ransomware negotiators running their own ransomware attacks has been one of shock and deep distrust toward the cybersecurity industry. Many expressed outrage that trusted negotiators like Kevin Tyler Martin and colleagues pocketed over $1.2 million while attacking companies, describing it as "the ultimate inside job" that "makes you question everything about trust in cybersecurity"[1][3]. This betrayal has amplified existing public concerns over ransomware, with victims and commentators emphasizing that such insider schemes worsen the crisis, already marked by record ransomware incidents targeting U.S. businesses and sparking calls for stricter oversight and cybersecurity reforms[6].