interview: Lock 'em down

Two incident responders pleaded guilty to charges related to BlackCat ransomware attacks targeting U.S. companies between April and December 2023.

 Former incident responders Ryan Clifford Goldberg and Kevin Tyler Martin have pleaded guilty to participating in a series of ransomware attacks while working at cybersecurity firms tasked with helping organizations recover from such incidents. The case highlights a rare instance of trusted professionals abusing their positions to commit cybercrime, causing significant damage to multiple organizations in 2023. Goldberg, formerly a manager of incident response at Sygnia, and Martin, a ransomware negotiator at DigitalMint, collaborated with an unnamed co-conspirator to carry out ransomware attacks using the ALPHV (BlackCat) ransomware variant. According to federal court records, the total losses caused by their actions exceeded $9.5 million. The attacks targeted a medical company in Florida, a pharmaceutical firm in Maryland, a California doctor’s office, an engineering company in California, and a drone manufacturer in Virginia.  The indictment revealed that the trio received nearly $1.3 million in ransom payments from the Florida medical company in May 2023, but were unable to extort payments from the other victims. The ALPHV/BlackCat ransomware, first identified in late 2021, has been linked to numerous attacks on critical infrastructure providers, including the high-profile breach of UnitedHealth Group’s subsidiary Change Healthcare in 2024. Goldberg and Martin each pleaded guilty to one count of conspiracy to interfere with interstate commerce by extortion, which reduces their maximum penalty from 50 years to 20 years in federal prison. As part of their plea agreements, both defendants are ordered to forfeit $342,000, representing the value of proceeds traced to their crimes. The court may also impose fines of up to $250,000 and additional restitution.  A spokesperson for DigitalMint stated that the company cooperated fully with the Justice Department and supports the outcome as a step toward accountability. “His behavior is a clear violation of our values and ethical standards,” the spokesperson said, emphasizing that Martin’s actions were undertaken without the company’s knowledge or involvement. Sygnia did not immediately respond to requests for comment.  Prosecutors noted that Goldberg and Martin abused their positions of trust and used their specialized skills to facilitate and conceal their crimes. Officials have indicated that they will recommend reduced sentences if both defendants make full, accurate, and complete disclosures of their offenses and refrain from committing further crimes.

Last week’s cyber news in 2025 was not about one big incident. It was about many small cracks opening at the same time. Tools people trust every day behave in unexpected ways. Old flaws resurfaced. New ones were used almost immediately. A common theme ran through it all in 2025. Attackers moved faster than fixes. Access meant for work, updates, or support kept getting abused. And damage did not

Coupang details its compensation plan and investigation findings following a major cybersecurity incident, and finds a laptop disposed of in a river.

Coupang, South Korea's e-commerce leader, faces massive backlash after the nation's largest data breach, impacting 33.7 million users. The company offers over $1 billion in compensation, with each affected user receiving 50,000 won in vouchers. This breach, undetected for five months and caused by a former employee, highlights critical security vulnerabilities. Learn more about the incident, the government's response, and why protecting your data online is more important than ever. Stay vigilant! #DataBreach #CyberSecurity #Coupang #Privacy #InsiderThreat Date 2025-12-29T093018.771+0100 Tools used for generation Text Gemini Narator Azure TTS Clips Pexel Rendering Remotion

Founded in 2014, Teramind is a leading, global provider of employee monitoring, user behavior analytics, insider threat detection, forensics and data loss prevention software solutions.

Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

Discover how two former cybersecurity experts betrayed trust by orchestrating ransomware attacks against US businesses. Learn about the insider threat and the importance of digital vigilance. Stay informed and protected! Posted 2025-12-19T003023.962+0100 Tools used for generation Text Gemini Narator Azure TTS Clips Pexel Rendering Remotion

A North Korean operative attempted to infiltrate Amazon's systems but was exposed through their unique typing rhythm and keystroke patterns. This case underscores the effectiveness of behavioral biometrics in cybersecurity and the sophisticated methods used to detect insider threats. The incident highlights how subtle digital footprints can lead to the identification of malicious actors. Tools used for generation Text Gemini Narator Azure TTS Clips Pexel Rendering Remotion

DroidLock targets Spanish Android users with full device takeover, credential theft, and data-wipe capabilities via phishing and updates.

CurrentWare’s user activity monitoring, web filtering, and device control software gives you advanced control and visibility over your entire workforce.

Founded in 2014, Teramind is a leading, global provider of employee monitoring, user behavior analytics, insider threat detection, forensics and data loss prevention software solutions.

A Maryland resident admitted running a hiring fraud using fake credentials for U.S. tech jobs and offering system access to foreign operators.