United States. Two former employees of incident response and ransomware negotiation firms have each been sentenced to four years in prison for their roles in BlackCat, also known as ALPHV, ransomware attacks against US organisations. The case has drawn attention across the cybersecurity industry because the convicted individuals had previously worked in roles meant to help victims respond to cyber extortion.
Former Responders Accused of Aiding Ransomware Operations
The convicted individuals include a former incident response manager from Sygnia and a ransomware negotiator from DigitalMint. Along with a third accomplice, they were found guilty of participating as affiliates of the BlackCat ransomware operation between May 2023 and November 2023.
According to court findings, the accused used their professional cybersecurity knowledge to assist attackers rather than protect victims. They reportedly gained access to BlackCat’s ransomware infrastructure and extortion platform in exchange for a 20 percent share of ransom payments.
US Firms Targeted With Multimillion-Dollar Demands
The group is believed to have been involved in breaches affecting organisations in the healthcare, engineering, pharmaceutical and manufacturing sectors. Victims included a Maryland pharmaceutical company, a Tampa-based medical device manufacturer, a California engineering firm, a Virginia drone manufacturer and a California medical practice.
One of the largest incidents involved a Tampa medical device company that faced a $10 million ransom demand after its servers were encrypted. The company ultimately paid approximately $1.27 million to regain access to its systems. Other victims reportedly faced ransom demands ranging from $300,000 to $10 million.
Insider Threat Concerns Grow in Cybersecurity Industry
The US Department of Justice confirmed that the defendants were charged with conspiracy to obstruct commerce by extortion. Both pleaded guilty in December after being indicted in November. A third accomplice also pleaded guilty earlier in April as part of the same coordinated ransomware operation.
Authorities said ransom payments were laundered and distributed among attackers and affiliates. The case has raised concerns about insider involvement in cybercrime ecosystems, particularly when professionals with advanced defensive knowledge use their expertise to support ransomware groups.
The BlackCat ransomware group has been linked to dozens of cyberattacks globally and is known for double-extortion tactics, where data is encrypted and victims are threatened with public exposure unless payment is made. The investigation into the broader network continues as authorities trace additional affiliates and financial flows linked to the operation.