Two men, including a former ransomware negotiator for the Chicago-based company DigitalMint, were indicted in an alleged scheme where they conducted their own cyber-attacks, netting a successful ransom of $1.2 million and attempting to extort millions more from multiple companies. Kevin Tyler Martin, formerly a negotiator for DigitalMint, and Ryan Clifford Goldberg, an incident response manager for Sygnia Cybersecurity Services, were charged with conspiracy and extortion offenses after the FBI uncovered their plot. A third suspected accomplice, who was also a DigitalMint employee at the time but was not indicted, is mentioned in court records. DigitalMint has denied any wrongdoing, stating the alleged crimes took place outside its systems, and confirmed it fired both employees while cooperating with the ongoing investigation.
The criminal scheme, which began in May 2023, involved the three men using malicious software to launch ransomware attacks, first hitting a medical company in Florida by locking its servers and demanding a $10 million ransom. Although they ultimately made off with $1.2 million from that attack, it was reportedly their only success. Their other alleged targets included a pharmaceutical company, a California doctor’s office, an engineering firm, and a Virginia-based drone manufacturer, with total demands ranging from $300,000 to $5 million. Ransomware attacks, which involve encrypting a victim’s data to force a payment for its release, have become a challenging and common form of cybercrime.
The conspiracy allegedly ran until April 2025. Goldberg, who was interviewed by the FBI in June, initially denied involvement but later claimed he was recruited by the third suspect. He confessed that the $1.2 million ransom paid in cryptocurrency was routed through a mixing service and multiple wallets to conceal the funds, and he participated to get out of debt. After the FBI interviewed him, Goldberg and his wife took a one-way flight from Atlanta to Paris. Martin and Goldberg were indicted on October 2nd.
Interestingly, prior to his indictment, Kevin Tyler Martin—who had allegedly already stolen more than a million dollars in a ransomware attack—spoke at a Technology Law Conference in May 2024, where he was described as a current DigitalMint employee and was explaining how he worked on behalf of companies to negotiate ransom payments. Both men were described in court records as “Co-Conspirator 1” and “Co-Conspirator 2” before their names were formally released. The indictment noted that Martin lived in Texas, while Goldberg and his firm, Sygnia, have also publicly confirmed their cooperation with law enforcement, emphasizing that they are not targets of the investigation.
Reference:
