Threat Insight

When Cybersecurity Professionals Become the Criminals

Three former US employees of cybersecurity incident response companies have been indicted for allegedly conducting the very ransomware attacks they were supposedly hired to prevent.


The men are accused of deploying the Black Cat ransomware against multiple US companies in the medical and manufacturing industries. Black Cat operated a Ransomware-as-a-Service model in which freelance affiliates did the hacking for a share of the profit. Black Cat shut down its activities after international law enforcement seized its infrastructure. It was this operation that also gave the FBI the leads that led to the arrest of the three US criminals.

The defendants include Kevin Tyler Martin, 28, a ransomware negotiator at the cyber incident company Digital Mint, and Ryan Clifford Goldberg, 33, an Incident Response Manager at the cybersecurity company Sygnia.

The incident response company Digital Mint had previously been reported for questionable ethics in ransomware negotiations, including accepting kickbacks from ransomware groups during negotiations.

Assessment

The ethics of professional ransomware negotiation companies have always been highly questionable. Ultimately, the business model revolves around making deals with criminals. This is not the first time ransomware negotiators, such as Digital Mint, have been accused of accepting kickbacks in exchange for facilitating smoother negotiations that ultimately result in the criminals getting paid.

This is another reason why Truesec never recommends paying a ransom, even if victims sometimes see no other way out, and never gets involved in such negotiations. Companies involved in ransomware negotiations need to establish relationships with ransomware criminals, and those relationships expose their staff to many temptations, as the criminals will use them to gain influence over the staff.

One of the men later admitted that he got involved in the scheme to get out of personal debts. Personal debts spiraling out of control is one of the most common ways people become vulnerable to corruption. Truesec takes security vetting of all our employees very seriously. We have ongoing security vetting programs for all our personnel and hold all our employees to the highest professional and ethical standards.

It is also important to note that many insider problems are identified through non-technical means, when managers or colleagues raise the alarm. Insider prevention is a company-wide task, not one that rests only with those responsible for cybersecurity. Truesec can also support customers with insider prevention programs.

