Ransomware Negotiation Firm Rocked by Insider Cybercrime Scandal

Two cybersecurity professionals, including a former ransomware negotiator for a well-known Chicago firm, have been indicted for allegedly orchestrating ransomware attacks while posing as defenders against such threats.

According to a Chicago Sun-Times report based on a newly unsealed indictment, the defendants exploited their positions at DigitalMint and Sygnia Cybersecurity Services to carry out at least five attacks under the banner of the notorious ALPHV/BlackCat ransomware gang.

The US Department of Justice alleges that Kevin Tyler Martin of Texas, formerly employed by Chicago-based DigitalMint, and Ryan Clifford Goldberg of Georgia, a former incident response manager at Sygnia, conspired with an unnamed third accomplice to extort over $1 million from organizations across the US The scheme began in May 2023 and continued through April 2025, with court documents describing a coordinated effort to hack into company systems, encrypt data, and demand cryptocurrency payments in return for decryption keys and silence.

DigitalMint, a private firm specializing in incident response and ransomware negotiation services, has handled more than 2,000 ransomware cases since 2017. Its services are often sought by companies in crisis, particularly during ransomware attacks. The company has maintained that it was not a target of the federal investigation and that the criminal activity occurred entirely outside of its systems. It fired Martin and the unnamed third co-conspirator upon learning of their alleged misconduct and has been cooperating with the investigation since.

The indictment paints a damning picture of the operation. The conspirators allegedly deployed ALPHV/BlackCat ransomware to breach systems and steal data from five victims:

• A Florida-based medical device company (Victim 1) was hit for $10 million, which ultimately paid $1.27 million in cryptocurrency.
• A Maryland pharmaceutical company (Victim 2).
• A California doctor’s office (Victim 3), extorted for $5 million.
• A California engineering firm (Victim 4), targeted for $1 million.
• A Virginia drone manufacturer (Victim 5), with a $300,000 ransom demand.

According to FBI affidavits, Goldberg and Martin accessed systems without authorization, deployed the ransomware, and routed ransom payments through cryptocurrency mixing services to obscure the money trail. Affiliates of ALPHV typically receive access to custom ransomware control panels on the dark web in exchange for a share of profits.

The affidavit states that Goldberg admitted to participating in the operation during a June 2025 FBI interview. He said he was recruited by the unnamed third conspirator, and that Martin warned him about an FBI raid on the co-conspirator’s Florida home. Goldberg expressed fear about the legal consequences and even searched DOJ websites using the co-conspirator’s name.

Shortly after the FBI interview, Goldberg and his wife boarded a one-way flight to Paris. He has since been taken into custody, while Martin was released on a $400,000 bond under strict conditions. A federal court order bars Martin from any cybersecurity work and from using login credentials that do not belong to him or his partner.

DigitalMint executives have issued multiple statements distancing the company from the rogue actions of its former employees. President Marc Grens reiterated the firm’s commitment to transparency and trust, calling the incident a violation of the culture and ethics that have guided its work. CEO Jonathan Solomon emphasized that the company moved quickly to terminate the employee and safeguard client interests.

The indictment charges both men with conspiracy to interfere with interstate commerce by extortion, extortion itself, and intentional damage to protected computers, offenses that carry a maximum combined sentence of 50 years in prison.