Chicago firm that resolves ransomware attacks had rogue workers carrying out their own hacks FBI says Chicago SunTimes
p
Why are we asking for donations
ppSearchppSearchppSearchppA group of cybersecurity professionals two of whom worked for a Chicago firm are accused of carrying out ransomware attacks against companies in an effort to enrich themselves ppAdobe StockppShareppRogue employees of a Chicago company that specializes in negotiating ransoms to mitigate cyber attacks were carrying out their own piracy in a plot to extort millions of dollars from a series of companies prosecutors say ppKevin Tyler Martin a ransomware threat negotiator for River Northbased DigitalMint at the time of the alleged conspiracy was among two men indicted in the scheme A suspected accomplice who wasnt indicted was also employed at DigitalMint court records showppDigitalMint has denied any wrongdoing fired both employees and cooperated with the investigationppAlso indicted was Ryan Clifford Goldberg an incident response manager for the multinational company Sygnia Cybersecurity Services Sygnia said Goldberg no longer works for the company and it is not the target of this investigation however we continue to work closely with law enforcementppAccording to an affidavit filed in September by an FBI agent the three men began using malicious software in May 2023 to conduct ransomware attacks against victims first hitting a medical company in Florida by locking its servers and demanding 10 million to unlock the systems court records say ppThe FBI agent noted the men ultimately made off with 12 million although it was apparently the only successful attack ppRansomware attacks have become increasingly common and pose challenges for targeted companies hospitals and universities The malicious software can be unwittingly downloaded by simply opening an email attachment or following a linkppOnce the code is loaded on a computer it will lock access to the computer itself or data and files stored there the FBI says More menacing versions can encrypt files and folders on local drives attached drives and even networked computersppTo regain access victims can be pushed to pay a ransomppMartin Goldberg and the other unnamed suspect also are accused of targeting a pharmaceutical company from Maryland demanding 5 million from a California doctors office seeking 1 million from an engineering firm in California and trying to extort 300000 from a Virginiabased drone manufacturerppTheir scheme continued until April 2025 according to the FBI Goldberg was interviewed by agents that June initially denying being involved in the ransomware attacks He claimed he was recruited by the third suspect who wasnt indicted described in court records only as CoConspirator 1ppGoldberg said the 12 million the medical company paid in cryptocurrency was routed through a mixing service and then through multiple cryptocurrency wallets in an effort to hide the digital cashppGoldberg told the FBI he engaged in the scheme to get out of debt and feared he was going to federal prison for the rest of his life ppHe said Martin told him the FBI had raided the home of CoConspirator 1 on April 3 according to the FBI affidavitppThe following month Goldberg searched the name of CoConspirator 1 along with dojgov the Justice Departments website records show He also asked Why would somebody who was accused and admitted to an FBI agent be let go but later indictedppTen days after his interview with the FBI on June 27 Goldberg and his wife flew from Atlanta to Paris on a oneway flight But at that time officials believed that Goldberg and his wife were still in EuropeppMartin and Goldberg were indicted Oct 2 on charges of conspiracy to interfere with interstate commerce by extortion interference with interstate commerce and intentional damage to a protected computerppRecords show Goldberg has been taken into custody and was ordered held pending trial and Martin was freed in lieu of 400000 bond Their lawyers didnt respond to questions and Martin declined to commentppIn May 2024 Martin spoke at the Technology Law Conference in Austin Texas where he was described as a current DigitalMint employee He explained he worked on behalf of companies to help negotiate ransom payments after allegedly stealing more than 1 million in such an attackppBefore Martin was indicted he was described in the FBI affidavit as CoConspirator 2 a United States citizen and resident of Texas who was employed as a ransomware negotiator for a cyberincident response company between May 2023 and April 2025ppCoConspirator 1 was described in the affidavit as a Florida resident who was employed as a ransomware negotiator for the same cyberincident response companyppThe indictment noted that Martin lived in Roanoke Texas and CoConspirator 1 resided in Land O Lakes FloridappDigitalMint issued a statement in July saying the company was cooperating with an investigation involving an employee who had been fired amid accusations of unauthorized conduct The company said it wasnt targeted in the probeppTrust is earned every day As soon as we were able we began communicating the facts to affected stakeholders DigitalMint President Marc Grens said at the time This level of transparency is a key part of the culture that has driven DigitalMints successppWhen the indictment was handed up DigitalMint issued a memo confirming an employee had been indicted and saying the company continues to be a cooperating witness in the investigation and not an investigative targetppThe alleged crimes took place outside of DigitalMints infrastructure and systems the company said and the suspects did not access or compromise client data as part of the charged conductppAs expected the indictment does not allege that the company had any knowledge of or involvement in the criminal activity the company saidppSharepp
Chicago SunTimesWatchdogs reporterassistant editor
pp 2025 Chicago SunTimes Media IncppTerms of Use Privacy Notice Cookie Policy Terms of Salep
Why are we asking for donations
ppSearchppSearchppSearchppA group of cybersecurity professionals two of whom worked for a Chicago firm are accused of carrying out ransomware attacks against companies in an effort to enrich themselves ppAdobe StockppShareppRogue employees of a Chicago company that specializes in negotiating ransoms to mitigate cyber attacks were carrying out their own piracy in a plot to extort millions of dollars from a series of companies prosecutors say ppKevin Tyler Martin a ransomware threat negotiator for River Northbased DigitalMint at the time of the alleged conspiracy was among two men indicted in the scheme A suspected accomplice who wasnt indicted was also employed at DigitalMint court records showppDigitalMint has denied any wrongdoing fired both employees and cooperated with the investigationppAlso indicted was Ryan Clifford Goldberg an incident response manager for the multinational company Sygnia Cybersecurity Services Sygnia said Goldberg no longer works for the company and it is not the target of this investigation however we continue to work closely with law enforcementppAccording to an affidavit filed in September by an FBI agent the three men began using malicious software in May 2023 to conduct ransomware attacks against victims first hitting a medical company in Florida by locking its servers and demanding 10 million to unlock the systems court records say ppThe FBI agent noted the men ultimately made off with 12 million although it was apparently the only successful attack ppRansomware attacks have become increasingly common and pose challenges for targeted companies hospitals and universities The malicious software can be unwittingly downloaded by simply opening an email attachment or following a linkppOnce the code is loaded on a computer it will lock access to the computer itself or data and files stored there the FBI says More menacing versions can encrypt files and folders on local drives attached drives and even networked computersppTo regain access victims can be pushed to pay a ransomppMartin Goldberg and the other unnamed suspect also are accused of targeting a pharmaceutical company from Maryland demanding 5 million from a California doctors office seeking 1 million from an engineering firm in California and trying to extort 300000 from a Virginiabased drone manufacturerppTheir scheme continued until April 2025 according to the FBI Goldberg was interviewed by agents that June initially denying being involved in the ransomware attacks He claimed he was recruited by the third suspect who wasnt indicted described in court records only as CoConspirator 1ppGoldberg said the 12 million the medical company paid in cryptocurrency was routed through a mixing service and then through multiple cryptocurrency wallets in an effort to hide the digital cashppGoldberg told the FBI he engaged in the scheme to get out of debt and feared he was going to federal prison for the rest of his life ppHe said Martin told him the FBI had raided the home of CoConspirator 1 on April 3 according to the FBI affidavitppThe following month Goldberg searched the name of CoConspirator 1 along with dojgov the Justice Departments website records show He also asked Why would somebody who was accused and admitted to an FBI agent be let go but later indictedppTen days after his interview with the FBI on June 27 Goldberg and his wife flew from Atlanta to Paris on a oneway flight But at that time officials believed that Goldberg and his wife were still in EuropeppMartin and Goldberg were indicted Oct 2 on charges of conspiracy to interfere with interstate commerce by extortion interference with interstate commerce and intentional damage to a protected computerppRecords show Goldberg has been taken into custody and was ordered held pending trial and Martin was freed in lieu of 400000 bond Their lawyers didnt respond to questions and Martin declined to commentppIn May 2024 Martin spoke at the Technology Law Conference in Austin Texas where he was described as a current DigitalMint employee He explained he worked on behalf of companies to help negotiate ransom payments after allegedly stealing more than 1 million in such an attackppBefore Martin was indicted he was described in the FBI affidavit as CoConspirator 2 a United States citizen and resident of Texas who was employed as a ransomware negotiator for a cyberincident response company between May 2023 and April 2025ppCoConspirator 1 was described in the affidavit as a Florida resident who was employed as a ransomware negotiator for the same cyberincident response companyppThe indictment noted that Martin lived in Roanoke Texas and CoConspirator 1 resided in Land O Lakes FloridappDigitalMint issued a statement in July saying the company was cooperating with an investigation involving an employee who had been fired amid accusations of unauthorized conduct The company said it wasnt targeted in the probeppTrust is earned every day As soon as we were able we began communicating the facts to affected stakeholders DigitalMint President Marc Grens said at the time This level of transparency is a key part of the culture that has driven DigitalMints successppWhen the indictment was handed up DigitalMint issued a memo confirming an employee had been indicted and saying the company continues to be a cooperating witness in the investigation and not an investigative targetppThe alleged crimes took place outside of DigitalMints infrastructure and systems the company said and the suspects did not access or compromise client data as part of the charged conductppAs expected the indictment does not allege that the company had any knowledge of or involvement in the criminal activity the company saidppSharepp
Chicago SunTimesWatchdogs reporterassistant editor
pp 2025 Chicago SunTimes Media IncppTerms of Use Privacy Notice Cookie Policy Terms of Salep
