DOJ Ransomware Indictment 2025: $1.2M Insider Betrayal
Summary
The U.S. Department of Justice has indicted Kevin Tyler Martin (DigitalMint) and Ryan Clifford Goldberg (ex-Sygnia), along with an unnamed accomplice, for allegedly using insider access to launch ALPHV/BlackCat ransomware against five U.S. companies between May 2023 and April 2025. One Florida medical device company reportedly paid $1.2 million in Bitcoin after data was stolen and systems encrypted. The accused are described as negotiators and incident responders who allegedly turned their expertise into a scheme to extort victims, exploiting trust and insider knowledge. The DOJ charges include computer fraud and extortion, exposing the defendants to decades in prison if convicted.
Key Points
- Indictment names Kevin Tyler Martin and Ryan Clifford Goldberg for alleged insider-enabled ALPHV/BlackCat attacks on five U.S. firms.
- A Florida med-tech victim allegedly paid $1.2 million in Bitcoin; total proceeds remain undisclosed after ALPHV’s cut.
- Accused insiders reportedly used privileged access and negotiation roles to steal data, deploy ransomware and demand payment.
- ALPHV/BlackCat is a powerful ransomware-as-a-service (RaaS) platform (written in Rust) with affiliates and a revenue-sharing model that fuels large payouts.
- DOJ charged the defendants with multiple counts of computer fraud (18 U.S.C. § 1030) and extortion (18 U.S.C. § 875), carrying lengthy prison terms and heavy fines.
- Industry impact: ransomware is projected to cost ~$40bn globally in 2025; insider threats are driving higher premiums and greater operational risk.
- Recommended CEO actions: enforce zero-trust, deploy behaviour-based monitoring, audit crypto flows, strengthen vetting and offboarding.
Context and Relevance
This indictment shines a harsh light on a growing danger: the insider who weaponises their role. It’s not just another breach — it underlines that response teams, negotiators and trusted contractors can be vectors for the attack itself. For boards, CISOs and CEOs this changes the threat model: technical defences alone aren’t enough if the human element can be turned into the attack path. The case also underscores how RaaS ecosystems like ALPHV/BlackCat amplify harm by providing sophisticated tooling and revenue splits that make insider collusion lucrative.
Author’s take
Punchy and blunt: this is a wake-up call. When the very people paid to remediate and negotiate are accused of staging the crime, every assumption about trust and access must be re-set. Read the details — policies, monitoring and culture need urgent upgrades.
Why should I read this?
Because this story is wild and worrying. Negotiators and incident responders flipping to extortion? That’s not hypothetical — it’s happening. If you run a company, manage cyber risk or buy cyber insurance, the tactics and fixes outlined here could save you millions and your reputation. Short version: tighten access, watch crypto flows, and treat insider risk like the top-tier threat it now is.
Source
https://www.ceotodaymagazine.com/2025/11/doj-ransomware-insider-indictment-2025/