Two Cybersecurity Professionals Sentenced for Facilitating BlackCat Ransomware Attacks Across U.S. Victims
What Happened — The U.S. Department of Justice sentenced Ryan Goldberg and Kevin Martin to four years in federal prison each for deploying the BlackCat (ALPHV) ransomware against multiple U.S. organizations between April and December 2023. Their actions enabled the ransomware to encrypt data and disrupt operations at the compromised entities.
Why It Matters for TPRM —
- Demonstrates that threat actors can be insiders or “security‑adjacent” professionals, expanding the pool of potential supply‑chain risk.
- Highlights the continued activity of BlackCat, a ransomware group that targets a wide range of industries, increasing the likelihood of future incidents.
- Legal outcomes reinforce the importance of monitoring for ransomware facilitation behaviors in third‑party relationships.
Who Is Affected — All U.S. organizations that were victims of BlackCat ransomware in 2023, spanning finance, healthcare, technology, and other sectors.
Recommended Actions —
- Review any third‑party contracts for exposure to ransomware‑facilitating services or individuals.
- Verify that vendors enforce strict background checks and continuous monitoring for insider threats.
- Ensure incident‑response plans include ransomware playbooks and legal‑hold procedures.
Technical Notes — The attacks leveraged BlackCat’s modular malware, delivered via phishing and compromised credentials, to encrypt victim files and demand ransom. No specific CVE was cited; the threat relied on known ransomware techniques.
Source: The Hacker News