Three Former Cybersecurity Experts Indicted In BlackCat Ransomware Scheme
November 6, 2025
Read also: Authorities dismantle a large-scale credit card fraud ring that affected 4.3M victims, a Conti affiliate extradited to the US, and more.

Three former cybersecurity experts indicted in BlackCat ransomware scheme
Three former employees of cybersecurity firms DigitalMint and Sygnia have been indicted for allegedly participating in a series of ransomware attacks linked to the BlackCat (ALPHV) group, targeting US companies between May and November 2023.
According to court documents, Kevin Tyler Martin, 28, Ryan Clifford Goldberg, 33, and an unnamed co-conspirator face multiple federal charges, including conspiracy to interfere with interstate commerce by extortion, interference with interstate commerce by extortion, and intentional damage to protected computers. If convicted, they could face up to 50 years in prison.
Prosecutors allege that Martin and the unnamed co-conspirator, both former ransomware negotiators at DigitalMint, and Goldberg, a former incident response manager at Sygnia, acted as affiliates of the BlackCat ransomware gang. The trio is accused of breaching corporate networks, stealing sensitive data, encrypting systems, and demanding cryptocurrency ransoms in exchange for decryption keys and silence.
The alleged victims include a medical device manufacturer, a pharmaceutical company, a doctor’s office, an engineering firm, and a drone manufacturer. Ransom demands ranged from $300,000 to $10 million, with one company ultimately paying $1.27 million after rejecting an initial $10 million demand. Martin has pleaded not guilty, while Goldberg remains in federal custody pending trial. The US Department of Justice has not released details about the third suspect.
Authorities dismantle a large-scale credit card fraud ring that affected 4.3M victims
An international law enforcement operation has led to the arrest of 18 suspects involved in a large-scale credit card fraud scheme spanning 193 countries. The operation, codenamed “Chargeback,” targeted an organized network that defrauded millions of victims via fake online subscriptions to dating, pornography, and streaming services.
According to officials, among the arrested suspects are five senior executives and compliance officers from four German payment service providers, suspected of enabling the fraud by allowing the criminals to access the payment infrastructure in exchange for fees. Additionally, five suspects were arrested in the US and are now awaiting extradition to Germany.
The scheme operated between 2016 and 2021, exploiting 19 million credit card accounts and generating at least €300 million in illicit profits. The suspects allegedly stole credit card data, set up fake merchant accounts, authorized transactions, and laundered proceeds through shell companies primarily registered in Cyprus and the United Kingdom. The shell companies were acquired through crime-as-a-service providers, who supplied complete corporate structures, including fake directors and Know-Your-Customer (KYC) documents.
To avoid detection, the fraudsters kept monthly charges below €50, used misleading payment descriptions, and directed funds to non-indexed websites accessible only through direct links.
Conti affiliate extradited to the US from Ireland to face charges
A Ukrainian national was extradited from Ireland to the United States to face charges related to the global Conti ransomware operation.
The Conti ransomware group operated from December 2019 to May 2022, generating at least $180 million in revenue. The group targeted businesses, healthcare organizations, educational institutions, emergency services, and government entities around the world, with the Costa Rican and Peruvian governments among the most notable victims. For initial access, the group leveraged phishing campaigns and malware such as TrickBot and BazarLoader. The Conti crew disbanded after the group publicly declared support for Russia following its invasion of Ukraine and suffered a massive internal data leak. Although the Conti brand disappeared, its members dispersed into other cybercriminal groups.
According to court documents, Oleksii Oleksiyovych Lytvynenko, 43, is accused of conspiring with others to deploy Conti ransomware between 2020 and June 2022. Prosecutors allege that the conspirators hacked into computer networks, encrypted data, and demanded ransom payments in cryptocurrency in exchange for restoring access and preventing the release of stolen information.
Irish police arrested Lytvynenko in July 2023 at the request of US authorities. Court filings allege that Lytvynenko continued to engage in cybercrime activities up until days before his arrest. Lytvynenko is charged with conspiracy to commit computer fraud and conspiracy to commit wire fraud. If convicted, he faces a maximum sentence of five years in prison on the computer fraud conspiracy count and 20 years on the wire fraud conspiracy count.
Lytvynenko’s case is part of the US effort to dismantle international cybercrime networks linked to the Conti and Trickbot malware operations. In September 2023, US authorities unsealed indictments against several other individuals in connection with Conti and Trickbot. In June 2024, Ukrainian authorities arrested a suspected developer behind the LockBit and Conti malware.
In a related case, another Ukrainian national, Yuriy Igorevich Rybtsov, aka “MrICQ,” has been extradited from Italy to the US after being indicted more than a decade ago for his role in a major cybercrime scheme. Rybtsov is accused of working as a developer for the “Jabber Zeus” group, a criminal organization responsible for stealing tens of millions of dollars via a customized version of the Zeus banking trojan.
Russian authorities arrest hackers behind the Meduza info-stealer
Russian authorities have arrested three IT specialists allegedly responsible for the development of the notorious “Meduza” info-stealer. They are suspected of creating, distributing, and using malicious computer programs.
Investigators determined that approximately two years ago, the suspects created and distributed the “Meduza” software via hacker forums. The software was designed to steal account credentials, cryptocurrency wallet information, and other sensitive computer data.
Further investigation revealed that the suspects had also developed and distributed malware intended to bypass security systems and create botnets, which can be used for large-scale cyber-attacks.
A criminal case was opened under Part 2 of Article 273 of the Russian Criminal Code. The suspects were detained in Moscow and the Moscow region, with the authorities seizing computer equipment, communication devices, bank cards, and other evidence.
Nine arrested in €600M cross-border cryptocurrency fraud crackdown
European law enforcement agencies have arrested nine individuals suspected of running a massive cryptocurrency fraud network that stole more than €600 million ($689 million) from victims across multiple countries.
According to Eurojust, the suspects allegedly set up a network of fake cryptocurrency investment platforms that mimicked legitimate trading websites and promised unusually high returns. Victims were lured through social media ads, cold calls, fabricated news articles, and fake celebrity endorsements. Once they transferred their funds, victims were unable to recover their investments, while the criminals laundered the stolen assets using advanced blockchain tools.
Nine suspects were arrested at their homes in Cyprus, Spain, and Germany on suspicion of their involvement in money laundering from fraudulent activities. Authorities also seized €800,000 in bank accounts, €415,000 in cryptocurrencies, and €300,000 in cash during the raids.
The operation follows a series of similar crackdowns on large-scale cryptocurrency scams across Europe. In October, police arrested five suspects connected to another investment fraud network that defrauded more than 100 victims out of €100 million ($118 million) since 2018. Earlier in June, Spanish authorities apprehended five suspects accused of laundering €460 million ($540 million) from fake crypto investment schemes that targeted over 5,000 victims worldwide.