


Perceptive Security
SOC/SIEM Consultancy

US cybersecurity experts plead guilty to BlackCat ransomware attacks
Published:
30 December 2025 at 15:25:17
Alert date:
30 December 2025 at 16:02:11
Source:
bleepingcomputer.com
Ransomware & Malware, Data Breach & Exfiltration
Two former cybersecurity professionals from incident response companies Sygnia and DigitalMint pleaded guilty to conducting BlackCat (ALPHV) ransomware attacks against U.S. companies in 2023. The case represents a significant insider threat where trusted cybersecurity experts used their privileged access and knowledge to launch ransomware attacks. This highlights the critical risk of insider threats within the cybersecurity industry itself, where professionals with deep technical knowledge and access to sensitive systems can become threat actors.
Technical details
Two former cybersecurity employees from Sygnia and DigitalMint operated as BlackCat (ALPHV) ransomware affiliates between May 2023 and November 2023. They paid a 20% share of ransoms to access BlackCat's ransomware and extortion platform. The attackers breached multiple US company networks, encrypting servers and demanding ransoms ranging from $300,000 to $10 million. They successfully obtained $1.27 million from a Tampa medical device manufacturer. The FBI later disrupted BlackCat operations by breaching their servers to monitor activities and obtain decryption keys. The BlackCat operation collected at least $300 million from over 1,000 victims until September 2023.
Mitigation steps:
The FBI created a decryption tool after breaching BlackCat's servers in December 2023. Organizations should be aware that BlackCat affiliates primarily targeted the US healthcare sector, according to a joint FBI, CISA, and HHS advisory from February 2024.
Affected products:
Related links:
https://www.bleepingcomputer.com/news/security/us-cybersecurity-experts-indicted-for-blackcat-ransomware-attacks/
https://www.justice.gov/opa/pr/two-americans-plead-guilty-targeting-multiple-us-victims-using-alphv-blackcat-ransomware
https://legacy.www.documentcloud.org/documents/26212062-digital-mint-sygnia-indictment/
https://www.bleepingcomputer.com/news/security/doj-investigates-ex-ransomware-negotiator-over-extortion-kickbacks/
https://www.bleepingcomputer.com/news/security/fbi-disrupts-blackcat-ransomware-operation-creates-decryption-tool/
https://www.bleepingcomputer.com/news/security/fbi-alphv-ransomware-raked-in-300-million-from-over-1-000-victims/
https://www.bleepingcomputer.com/news/security/fbi-cisa-warn-us-hospitals-of-targeted-blackcat-ransomware-attacks/
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
