Two employees at two firms have been indicted for their roles in the attacks
Federal prosecutors have charged two former cybersecurity professionals accused of orchestrating ransomware attacks against several US companies while employed at firms that specialized in defending against such crimes. The indictment alleges the pair used their insider knowledge of ransom negotiations to extort more than a million dollars in cryptocurrency from victims across multiple states.
Kevin Tyler Martin, a former ransomware negotiator for Chicago-based DigitalMint, and Ryan Clifford Goldberg, an incident response manager at Sygnia Cybersecurity Services, were charged in early October with conspiracy to commit extortion and intentional damage to protected computers. Court filings claim the two, along with an unindicted third co-conspirator, conducted the attacks between May 2023 and April 2025.
Prosecutors said the group launched ransomware operations targeting medical, pharmaceutical, and engineering firms in Florida, Maryland, California, and Virginia. In one case, they successfully extorted $1.2 million from a Florida healthcare provider after locking its servers and demanding $10 million for their release. The funds were allegedly laundered through crypto mixing services and multiple digital wallets to conceal their origin.
DigitalMint and Sygnia have denied involvement, confirming the employees were terminated and that neither company’s systems were used in the crimes. DigitalMint said the scheme was carried out independently, outside company infrastructure, and that no client data was compromised. Both companies have cooperated with federal investigators since the probe began.
According to the FBI affidavit, Goldberg admitted his role in the scheme, claiming financial desperation drove him to participate. After being questioned by agents in June, he reportedly fled to Europe with his wife on a one-way flight. Martin was later released on a $400,000 bond, while Goldberg remains in custody.
The case underscores growing concerns about insider threats in cybersecurity firms—where those hired to protect digital assets can, in rare cases, exploit their expertise for criminal gain.
