Malware & Ransomware · HIGH

Ransomware Responder Allegedly Aided BlackCat Cybercriminals

Source: The Record
Tags: BlackCat, ransomware, DigitalMint, Angelo Martino, ALPHV

Basically, a cybersecurity worker helped hackers negotiate bigger ransoms from victims he was supposed to assist.

Quick Summary

A cybersecurity responder allegedly aided BlackCat hackers in negotiating higher ransoms. This shocking breach of trust has raised alarms in the industry. DigitalMint has since terminated the involved parties and is enhancing oversight.

What Happened

The Justice Department has made shocking allegations against Angelo Martino, a cybersecurity incident responder. Prosecutors claim he not only participated in ransomware attacks but also assisted the BlackCat cybercrime group in negotiating higher ransoms from the very victims he was employed to help. Martino surrendered to authorities and was released on bond, with restrictions on his future work in the cybersecurity field.

Martino allegedly collaborated with two other cybersecurity professionals, Ryan Goldberg and Kevin Martin, who have already pleaded guilty to conspiracy charges. Together, they reportedly earned around $1.2 million from a ransomware attack targeting a Florida medical company, although they failed to extort nine other victims. The court documents detail Martino's involvement in at least ten ransomware attacks while simultaneously providing confidential information to BlackCat to maximize ransom payments.

Who's Affected

The victims of this scheme include various organizations that fell prey to the ransomware attacks. The most notable case involved a Florida medical company, but the total number of affected entities is likely higher, given the nine unsuccessful extortion attempts mentioned. The financial implications for these victims can be severe, as ransoms reached staggering amounts, including $26 million and $25 million.

DigitalMint, the company employing Martino, has faced significant backlash due to his actions. They have publicly condemned his behavior, stating it violated both company policy and ethical standards. The firm has since terminated Martino and Martin and is cooperating with the DOJ's investigation.

What Data Was Exposed

While the specific data exposed during these ransomware attacks has not been disclosed, the nature of ransomware typically involves the theft of sensitive information. This can include personal data, financial records, and proprietary business information. The attackers often threaten to release this data if the ransom is not paid, putting immense pressure on victims to comply.

DigitalMint has taken steps to enhance its security measures following the incident. They have implemented new controls requiring all negotiations to occur over secure, auditable cloud platforms. This move aims to prevent similar breaches of trust in the future and protect sensitive information from being exploited.

What You Should Do

For organizations, this incident serves as a stark reminder of the risks associated with ransomware negotiations. It's crucial to vet any third-party incident responders thoroughly and ensure they adhere to ethical standards. Companies should also consider implementing stricter oversight and auditing processes for all negotiations involving ransom payments.

Additionally, organizations should educate their staff about the potential for insider threats and the importance of reporting suspicious behavior. By fostering a culture of transparency and accountability, businesses can better protect themselves against the growing threat of ransomware and insider collusion.


🔒 Pro insight: This incident highlights the vulnerabilities within the ransomware negotiation process, necessitating stricter controls and oversight to prevent insider threats.
