This article is titled US ransomware negotiators get 4 years in prison over BlackCat attacks which talks about the sentencing of several different people.
The people being talked about were not part of Black Cat directly, but were known as affiliates. Just like Web Hosting can have affiliates, these groups have been known to run similar networks like that as well.
I saw this during the taping of TSB, and I’m now getting a chance to blog this.
Black Cat, also known as AlphV, has been around the internet for some time.
According to the article, this company has pilfered at least 60 companies, and asking for ransoms between 30 thousand to 10 million in payment.
How much money the affiliates actually had is really unknown at this time.
Because the money is in crypto, it seems like it isn’t called “money laundering.” Since the proceeds of the stolen funds were split three ways, and of course could have been mixed, does that not count as laundering?
Money laundering is the illegal process of concealing the origins of money obtained through criminal activities—such as drug trafficking or corruption—to make it appear as though it came from a legitimate source. By “cleaning” this “dirty money,” criminals can use the funds within the formal financial system without alerting law enforcement to their original crimes.
If we take this definition at face value, we know that Crypto Currency can be considered dirty money. I’m not saying that people who have crypto who read this have dirty money. But every story we have covered that is in some type of press coverage has delbt with Crypto in the “money laundering” aspect.
<
The time a person receives for money laundering varies significantly based on the amount of money involved, the specific statute violated (federal vs. state), and the offender’s criminal history.
At the federal level, convictions for money laundering are severe and often carry higher maximum penalties than the crimes that generated the money.
To read more about Money Laundering in general, please read this page from the UNITED STATES SENTENCING COMMISSION web page.
With that said, my memory serves me to say that this is more than the 4 years that was handed down, and I completely understand the difference between federal and state.
The article starts out:
Two former employees of cybersecurity incident response companies Sygnia and DigitalMint were sentenced to four years in prison each for targeting U.S. companies in BlackCat (ALPHV) ransomware attacks.
40-year-old Ryan Clifford Goldberg (a former Sygnia incident response manager) and 36-year-old Kevin Tyler Martin (a DigitalMint ransomware negotiator) were charged in November and pleaded guilty in December to conspiracy to obstruct commerce by extortion.
Together with 41-year-old Angelo Martino, a third accomplice who also pleaded guilty in April, the two acted as BlackCat ransomware affiliates between May 2023 and November 2023, breaching the networks of multiple victims across the United States.
Extortion is generally a felony, punishable by 2–4 years in state prison and up to in fines, particularly in California. Sentences vary significantly
based on jurisdiction and factors like violence or gang activity (up to 20 years under federal Hobbs Act), or one year for simple blackmail.
Is it time, now that crypto is here to stay, for some of this to change in some way? I’m not a legal expert, nor do I claim to be someone knowledgeable in this type of law. I understand the basics of law, and can make a guess based on my reading of certain things, but I do urge people to seek out an attorney who is more knowledgeable in this than I.
According to court documents, they paid a 20% share of ransoms in exchange for access to BlackCat’s ransomware and extortion platform.
So, if they got the upper end of that offering they asked, they just paid $2 million for the access to that network. They keep the rest, and more than likely split it.
While Black Cat was involved in much more, this is what the article states about the suspects talked about here in the sentencing article.
The list of victims includes a Maryland pharmaceutical company, a Tampa medical device manufacturer, a California engineering firm, a Virginia drone manufacturer, and a California doctor’s office.
Prosecutors said the Tampa medical device company paid $1.27 million after its servers were encrypted and it received a $10 million ransom demand in May 2023, with the payment laundered and split three ways with Martino.
While other companies whose networks were breached by Goldberg and Martin also received ransom demands ranging from $300,000 to $10 million, the indictment does not indicate whether they received any additional payments.
“We strongly condemn these former employees’ criminal behavior, which violated our values, ethical standards, and the law. When we learned about the conduct, we immediately terminated both individuals,” DigitalMint CEO Jonathan Solomon also told BleepingComputer earlier this month after Martino pleaded guilty.
According to Fincen’s main home page, Fincen stands for: United States Department of the Treasury Financial Crimes Enforcement Network.
According to their about page, it says:
FinCEN is a bureau of the U.S. Department of the Treasury. The Director of FinCEN is appointed by the Secretary of the Treasury and reports to the Treasury Under Secretary for Terrorism and Financial Intelligence. FinCEN’s mission is to safeguard the financial system from illicit activity, counter money laundering and the financing of terrorism, and promote national security through strategic use of financial authorities and the collection, analysis, and dissemination of financial intelligence.
Read More from the about page including links to mission statements and more
It is time for sentencing guidelines to catch up with the crimes involved. If it matches something already being properly procecuted by current law, charge them under that law. If not, than lawmakers must work to figure out how to put whatever the crime committed was in to law so it can be procecuted.
While the suspects here were U.S. based, 4 years for money laundering doesn’t seem to be a lot of time, and I thought it was much more. I didn’t know how much more, but I thought it would be more than what we looked up and presented here.
Regardless, please read the full article for more on this case and sentence. Feel free to sign up, and comment on this or anything else you see on the blog.
Discover more from Jared's Technology podcast network
Subscribe to get the latest posts sent to your email.