Ex-Ransomware Negotiators Sentenced to Four Years for Role in BlackCat Attacks
Two former employees of cybersecurity incident response firms Sygnia and DigitalMint were each sentenced to four years in prison today for their roles in facilitating BlackCat (ALPHV) ransomware attacks against U.S. companies.
The sentencing, handed down in federal court, marks a major escalation in the Justice Department’s crackdown on enablers of ransomware gangs.
Prosecutors said the pair acted as “negotiators” for the BlackCat group, helping extort ransom payments from victim organizations while hiding the criminal origin of the funds.
Details of the Case
Court documents reveal that between 2021 and 2023, the two men—whose names have been withheld pending final redactions—used their legitimate positions at Sygnia and DigitalMint to steer victim companies toward paying BlackCat.
“They exploited their trusted roles in the cybersecurity industry to enable a prolific ransomware gang,” said Acting Assistant Attorney General Nicole M. Argentieri in a statement. “This sentence sends a clear message: those who facilitate cyber extortion will face severe consequences.”
The BlackCat ransomware operation, also known as ALPHV, has targeted hundreds of organizations worldwide, demanding ransoms totaling over $300 million.
Background
Ransomware negotiators are often hired by victims to mediate with attackers. However, in this case, the defendants allegedly had dual loyalty, using inside knowledge to benefit the criminals.
Investigators found evidence that the pair communicated directly with BlackCat affiliates, sometimes advising them on how to maximize pressure on victims. “They were not neutral brokers; they were co-conspirators,” said FBI Cyber Division Assistant Director James Smith.
Both men pleaded guilty to conspiracy to commit wire fraud and money laundering. Their prison terms will be followed by three years of supervised release.
What This Means
This case sets a precedent for prosecuting “insider” facilitators within the cybersecurity response ecosystem. It warns companies to vet third-party negotiators and auditors thoroughly.
“Ransomware negotiators walk a fine line between helping and harming,” said Emma Green, a cybersecurity policy expert at the Atlantic Council. “This ruling draws a bright red line: you cannot secretly work for both sides.”
The DOJ expects additional indictments of other individuals and companies that provided services to cybercriminal enterprises.
Editor’s note: This story is developing. Check back for updates.
Related Articles
- 10 Essential Insights for Aspiring Cybersecurity Consultants
- AI-Powered Security Sweep Uncovers 271 Zero-Day Vulnerabilities in Firefox
- Cybersecurity Week in Review: 8 Critical Events You Should Know
- Defending Against the German Cyber Surge: A Guide to the 2025 Data Leak Landscape
- Germany Exposes REvil and GandCrab Mastermind: Russian Daniil Shchukin Named as 'UNKN'
- How to Safeguard Your Company Against the Rising Wave of German Cyber Extortion
- The Expanding Role of Frontier AI in Next-Generation Cybersecurity
- Microsoft Rushes Emergency .NET 10.0.7 Patch to Fix Critical Data Protection Flaw