Ransomware negotiators accused of pulling off ransomware attacks


The US Department of Justice is charging employees of two cybersecurity companies and a co-conspirator with conducting ransomware attacks.

Two of the suspects worked for DigitalMint, a security firm that specializes in negotiating with criminals responsible for ransomware attacks on behalf of victims. The third suspect was previously an incident response manager at the cybersecurity firm Sygnia.

The three suspects are accused of hacking into companies, stealing confidential and sensitive corporate information, and deploying ransomware developed by a ransomware operation called ALPHV or BlackCat.

ALPHV first emerged in late 2021 and is responsible for targeting hundreds of businesses, organizations, and other institutions worldwide, including medical facilities, school districts, law firms, and financial institutions.

The group operates as a ransomware-as-a-service (RaaS) operation, meaning that its developers don’t carry out cyberattacks themselves but leave them to lesser-skilled cybercriminals or affiliates. In return, the developers of the malware receive a 15% to 20% cut of all illicit revenues gained from ransom payments.

According to the indictment, one of the affected companies paid $1.27 million in ransom in virtual currency out of fear of financial loss from the data theft and encryption of its data. The suspects also targeted several other companies, including a drone manufacturer and a pharmaceutical company. As far as we know, there’s been only one successful extortion attempt.

Sygnia’s CEO, Guy Segal, told TechCrunch that the employee was immediately terminated when the company got wind of his involvement with ransomware attacks.

DigitalMint President Marc Grens confirmed that one of the suspects worked as an employee at the time of the hacks, but said that he was “acting completely outside the scope of his employment.” The co-conspirator may have been a former employee.

Both Sygnia and DigitalMint say they’re fully cooperating with the FBI’s investigation.
