Getting hit with ransomware is a nightmare scenario for any organization, but finding out the threat is coming from an insider takes the frustration to a new level. Three former cybersecurity professionals have officially pleaded guilty to a conspiracy to deploy ransomware. Between April 2023 and November 2023, this group utilized BlackCat/ALPHV ransomware against multiple victims, successfully extorting $1.2 million in Bitcoin from just one target, according to the US Department of Justice.
An Insider Threat: Feeding Information to Attackers
The scheme involved individuals with deep roots in the cybersecurity industry, making the breach particularly devastating. The group included Ryan Goldberg of Georgia, Kevin Martin of Texas, and Angelo Martino of Florida.
While working as a ransomware negotiator for a cyber incident response company in April 2023, Martino reportedly began feeding confidential information on five different ransomware victims to the BlackCat threat actors. This sensitive data included the victims' insurance policy limits, which allowed the attackers to maximize their ransom demands.
After being paid by the attackers for his insider intel, Martino allegedly began launching ransomware attacks himself. He has since pleaded guilty to "one count of conspiracy to obstruct, delay or affect commerce or the movement of any article or commodity in commerce by extortion." His co-conspirators, Martin and Goldberg, pleaded guilty to the same charge last year, and each man faces a maximum penalty of 20 years in prison.
Legal Repercussions and Seized Assets
The legal fallout has been significant, with law enforcement targeting the financial gains of the operation. Authorities have already seized $10 million worth of assets from Martino alone. These items were reportedly obtained using the proceeds of the offense or acquired as a result of it.
The seized assets include:
- Digital currency
- Various vehicles
- A food truck
- A luxury fishing boat
The Decline of BlackCat/ALPHV
BlackCat (also known as ALPHV) refers to both the ransomware written in Rust and the threat actor group itself. This "cyber gang" previously made waves by hitting high-profile targets like Bandai Namco in 2022 and Western Digital in 2023. However, the group appears to be defunct following an intense crackdown by the FBI's cyber division.
This decline is part of a broader global shift in the ransomware landscape. According to The Guardian, ransomware payments fell by $813 million globally in 2024 due to increased law enforcement efforts and a growing trend of victims refusing to pay. We saw this recently with the hacker group ShinyHunters, which held Rockstar Games for ransom just months before the anticipated GTA VI launch. Ultimately, the deadline passed without Rockstar paying up, proving that attackers often have much less leverage than they realize.