Ryan Clifford Goldberg worked as an incident response supervisor for the Israeli cybersecurity firm Sygnia, while Kevin Tyler Martin was a ransomware threat negotiator for Chicago-based DigitalMint at the time of their crimes.
Goldberg and Martin pleaded guilty last week to hacking a medical device company and extorting a ransom of nearly $1.3 million in cryptocurrency to unlock its service, the Chicago Sun-Times reported.
The two cybersecurity professionals admitted to carrying out the May 2023 cyberattack in a federal court in Miami on December 18th. They pleaded guilty to conspiracy to interfere with commerce by extortion, according to court documents.
Each faces up to 20 years in prison, three years of supervised release, and a fine of up to $250,000, according to their plea agreements. The two defendants were indicted in October, when the Chicago Sun-Times first reported on the case.
Goldberg and Martin acted in partnership with a third co-conspirator, who also worked for DigitalMint, but remained unnamed and wasn’t charged.
The three spent years moonlighting as criminal hackers while working in the cybersecurity industry and were accused of sharing their illicit profits with the developers of the ransomware they used in their attacks.
Goldberg and Martin also formally acknowledged their role in four other attacks they were accused of carrying with their partner between May and November 2023 that didn’t result in ransom payments, court records showed.
These included targeting a Maryland-based pharmaceutical company, demanding $5 million from a doctor’s office in California, $1 million from an engineering firm, also in California, and attempting to extort $300,000 from a drone manufacturer in Virginia.
Both Sygnia and DigitalMint distanced themselves from their former employees at the time of their indictment. Sygnia said Goldberg no longer worked for the company and that the firm was not the target of the investigation. It said it worked closely with law enforcement.
DigitalMint, which specializes in negotiating ransoms in cyberattacks, confirmed an employee had been indicted and said it was “a cooperating witness” in the investigation and not the target of it.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked