Indictment: Employees of cybersecurity firms carried out ransomware attacks

Three employees of cybersecurity firms in the US are alleged to have carried out ransomware attacks themselves to extort money. Two have now been indicted.


In the US, two men have been indicted who, while employed by cybersecurity firms, allegedly carried out ransomware attacks themselves, extorting more than one million US dollars. The Chicago Sun-Times reports this, explaining that one of the two worked for a company called DigitalMint, which negotiates ransom payments. The second was reportedly employed by Sygnia, a company that, among other things, simulates ransomware attacks for its clients. A third, unidentified person who also worked for DigitalMint is accused as well. The company had made the investigations public in the summer, but the full extent of the alleged actions was not clear at the time.

As the Chicago newspaper reports, the two accused allegedly used the ransomware ALPHV. It can be rented, and in return a portion of the loot must be handed over to those responsible for it. The men allegedly attacked and subsequently extorted a medical device manufacturer from Florida. They demanded 10 million US dollars for the return of the locked data but received 1.27 million. Further attacks, with attempts to extort five million US dollars in one case, one million in another, and 300,000 in a third, were reportedly unsuccessful. The attacks reportedly continued until April of this year.

One of the two accused was then interrogated by the FBI in June and initially denied the allegations. However, he later admitted to them and explained that he had received the loot in the form of cryptocurrency in the one successful attack and had tried to obscure its origin using mixing services. He told the US federal police that he wanted to pay off debts with the money and feared going to prison “for the rest of his life.” After being told that his accomplice's house had been searched, he later searched for it on Google. The indictment followed in early October.


Although DigitalMint admitted in July that there were allegations against an employee, at the time it was only stated that a ransomware negotiation expert had allegedly pocketed a share of the ransom payments. That he himself was behind ransomware attacks was not publicly known at the time. The company has now pointed out to the Chicago Sun-Times that the indictment does not allege any knowledge or involvement on its part. Like Sygnia, the company says it is supporting the investigation, and the suspects were terminated immediately.

(mho)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.