AI News AI资讯 5h ago Updated 1h ago 更新于 1小时前 46

Ransomware negotiator hired to represent victims was working for the attackers 受雇代表受害者的勒索软件谈判专家竟为攻击者效力

Former ransomware negotiator Angelo Martino sentenced to 70 months for colluding with BlackCat (ALPHV) criminals to inflate ransom demands using confidential client data. Martino and co-conspirators exploited their roles at DigitalMint and Sygnia to leak insurance limits and negotiation strategies to cybercriminals for financial gain. The defendants actively participated in the BlackCat affiliate program, deploying ransomware against five additional victims and extorting $1.2 million. Over $75 m 前勒索软件谈判员 Angelo Martino 因与 BlackCat 黑客勾结,向攻击者泄露客户机密以抬高赎金,被判刑 70 个月。 Martino 及其同伙不仅背叛雇主 DigitalMint 的客户,还利用获得的 BlackCat 附属账户直接发起勒索攻击,导致超过 7500 万美元的损失。 案件揭示了网络安全服务行业内部人员威胁的严重性,攻击者通过渗透谈判环节获取保险限额等关键情报来最大化收益。

65
Hot 热度
70
Quality 质量
60
Impact 影响力

Analysis 深度分析

TL;DR

  • Former ransomware negotiator Angelo Martino sentenced to 70 months for colluding with BlackCat (ALPHV) criminals to inflate ransom demands using confidential client data.
  • Martino and co-conspirators exploited their roles at DigitalMint and Sygnia to leak insurance limits and negotiation strategies to cybercriminals for financial gain.
  • The defendants actively participated in the BlackCat affiliate program, deploying ransomware against five additional victims and extorting $1.2 million.
  • Over $75 million in ransoms were paid by five victims whose demands were artificially inflated due to Martino's insider information.
  • Martino faces asset forfeiture and must pay 10% of post-release earnings to compensate victims, highlighting severe legal consequences for insider threats in cybersecurity.

Why It Matters

This case underscores critical vulnerabilities within the third-party risk management and incident response sectors, demonstrating how trusted insiders can compromise organizational security and financial integrity. It serves as a stark warning for cybersecurity firms to implement rigorous internal controls, background checks, and monitoring of sensitive data access to prevent collusion with threat actors.

Technical Details

  • Insider Threat Mechanism: Martino utilized his role as a ransomware negotiator to access confidential client data, including insurance policy limits and internal negotiation strategies, which he transmitted via BlackCat’s proprietary "intermediary chat" tab and the Tox messaging platform.
  • Ransomware Affiliate Operations: The conspirators secured affiliate accounts within the BlackCat (ALPHV) ransomware-as-a-service (RaaS) framework, allowing them to deploy malware directly against targets and manage extortion negotiations.
  • Data Exfiltration and Encryption: BlackCat ransomware was used to encrypt victim networks and exfiltrate data, leveraging the stolen negotiation intelligence to pressure victims into paying higher ransoms, with payouts ranging from $213,000 to $26.8 million.
  • Cryptocurrency Laundering: Proceeds were received in cryptocurrency, with Martino converting funds into tangible assets such as real estate and vehicles, necessitating complex forensic accounting for asset recovery and forfeiture.

Industry Insight

  • Enhanced Insider Risk Protocols: Cybersecurity firms handling sensitive incident data must enforce strict least-privilege access controls and continuous behavioral analytics to detect anomalous communication patterns or data leaks to external parties.
  • Vendor Due Diligence: Organizations hiring third-party negotiators should conduct thorough vetting and require multi-factor authentication and audit trails for all communications related to ransom negotiations to ensure transparency and integrity.
  • Legal and Compliance Implications: The severe sentencing and asset forfeiture highlight the importance of robust compliance frameworks and ethical training for employees in high-risk roles, as insider collusion can lead to catastrophic financial and reputational damage.

TL;DR

  • 前勒索软件谈判员 Angelo Martino 因与 BlackCat 黑客勾结,向攻击者泄露客户机密以抬高赎金,被判刑 70 个月。
  • Martino 及其同伙不仅背叛雇主 DigitalMint 的客户,还利用获得的 BlackCat 附属账户直接发起勒索攻击,导致超过 7500 万美元的损失。
  • 案件揭示了网络安全服务行业内部人员威胁的严重性,攻击者通过渗透谈判环节获取保险限额等关键情报来最大化收益。

为什么值得看

该案例为网络安全从业者提供了关于内部威胁管理和第三方风险控制的深刻警示,特别是在处理敏感勒索谈判数据时。它展示了攻击者如何利用合法安全服务人员的权限漏洞进行双重犯罪,强调了行业监管和员工背景审查的重要性。

技术解析

  • 攻击手法: Martino 利用 BlackCat 面板中的“中间人聊天”功能,直接向攻击者泄露受害者的保险政策上限和内部谈判策略,以此换取赎金分成。
  • 角色转换: Martino 从防御方的谈判员转变为攻击方的附属成员(Affiliate),获得了 BlackCat 平台的部署权限,并与其他两名前同事共同发起攻击。
  • 通信渠道: 攻击者使用 Tox 消息平台和 BlackCat 面板内的专用聊天标签进行隐蔽沟通,规避常规监控。
  • 资金流向: 赃款主要以加密货币形式接收,部分用于购买房产、船只和车辆,FBI 已没收部分资产并要求其未来收入的 10% 用于赔偿受害者。

行业启示

  • 强化内部风控: 安全服务商必须实施严格的职责分离和数据访问控制,防止谈判人员同时接触攻击者渠道或拥有攻击工具权限。
  • 供应链信任危机: 企业应重新评估与第三方网络安全供应商的合作模式,引入更透明的审计机制,以防内部人员成为攻击者的“特洛伊木马”。
  • 法律威慑与合规: 此类重判表明执法机构对内部合谋犯罪的打击力度加大,行业需加强合规培训,明确法律红线,降低内部人员作案动机。

Disclaimer: The above content is generated by AI and is for reference only. 免责声明:以上内容由 AI 生成,仅供参考。

Security 安全