Ex-Ransomware Negotiators Sentenced to Four Years for Role in BlackCat Attacks
Two former ransomware negotiators from Sygnia and DigitalMint sentenced to 4 years for BlackCat attacks. DOJ warns enablers will face prison.
Two former employees of cybersecurity incident response firms Sygnia and DigitalMint were each sentenced to four years in prison today for their roles in facilitating BlackCat (ALPHV) ransomware attacks against U.S. companies.
The sentencing, handed down in federal court, marks a major escalation in the Justice Department’s crackdown on enablers of ransomware gangs.
Prosecutors said the pair acted as “negotiators” for the BlackCat group, helping extort ransom payments from victim organizations while hiding the criminal origin of the funds.
Details of the Case
Court documents reveal that between 2021 and 2023, the two men—whose names have been withheld pending final redactions—used their legitimate positions at Sygnia and DigitalMint to steer victim companies toward paying BlackCat.
“They exploited their trusted roles in the cybersecurity industry to enable a prolific ransomware gang,” said Acting Assistant Attorney General Nicole M. Argentieri in a statement. “This sentence sends a clear message: those who facilitate cyber extortion will face severe consequences.”
The BlackCat ransomware operation, also known as ALPHV, has targeted hundreds of organizations worldwide, demanding ransoms totaling over $300 million.
Background
Ransomware negotiators are often hired by victims to mediate with attackers. However, in this case, the defendants allegedly had dual loyalty, using inside knowledge to benefit the criminals.
Investigators found evidence that the pair communicated directly with BlackCat affiliates, sometimes advising them on how to maximize pressure on victims. “They were not neutral brokers; they were co-conspirators,” said FBI Cyber Division Assistant Director James Smith.
Both men pleaded guilty to conspiracy to commit wire fraud and money laundering. Their prison terms will be followed by three years of supervised release.
What This Means
This case sets a precedent for prosecuting “insider” facilitators within the cybersecurity response ecosystem. It warns companies to vet third-party negotiators and auditors thoroughly.
“Ransomware negotiators walk a fine line between helping and harming,” said Emma Green, a cybersecurity policy expert at the Atlantic Council. “This ruling draws a bright red line: you cannot secretly work for both sides.”
The DOJ expects additional indictments of other individuals and companies that provided services to cybercriminal enterprises.
Editor’s note: This story is developing. Check back for updates.