December 30, 2025

Plot twist: the good guys go bad

U.S. cybersecurity experts plead guilty for ransomware attacks

From protectors to predators: insiders cash in, internet asks how they were caught

TLDR: Two cybersecurity insiders pled guilty to running ransomware, facing up to 20 years while feds pursue asset forfeiture. Commenters erupt with sarcasm and skepticism, demanding to know how they were caught, debating crypto breadcrumbs, and joking about pardons—highlighting fears that the danger can come from trusted insiders.

Cue the collective gasp: two U.S. cybersecurity pros—one from Sygnia, one from DigitalMint—pleaded guilty to running ransomware on American companies and skimming payouts. The community’s mood? Pure disbelief with a side of cynicism. “Who needs hackers if you have IT experts?” sneers one top comment, capturing the vibe as folks roast the ultimate fox-guards-henhouse plot twist.

While prosecutors say the crew used ALPHV/BlackCat—think “ransomware-as-a-service,” where criminals rent attack tools and pay a cut—commenters are stuck on the missing detail: how were they caught? One thread notes the DOJ filings don’t spell out the evidence yet, sparking speculation about reused crypto wallets and sloppy laundering. Over on the related thread, armchair sleuths break down the “kit with built-in addresses” theory and argue the FBI/Secret Service probably followed the Bitcoin breadcrumbs.

Drama escalates as users mock the $10 million demands versus a single $1.27 million payout from a Florida medical device maker—then a 20% tithe to BlackCat and a three-way split. The pardon meme crowd piles on with dark humor about “just paying for a pardon,” while others want receipts: court docs, chain-of-custody, the works. With potential 20-year sentences and asset forfeiture looming, the internet’s verdict is loud and messy: heroes-turned-villains, unanswered questions, and a reminder that the scariest hacks can come from inside the house.

Key Points

  • Two former cybersecurity professionals pleaded guilty to conspiracy to obstruct commerce by extortion for conducting ransomware attacks.
  • The defendants, formerly at Sygnia and DigitalMint, used the ALPHV/BlackCat ransomware-as-a-service and paid its operators a 20% cut.
  • They targeted companies in Maryland, California, Florida, and Virginia; only a Florida medical device firm paid $1.27 million of a $10 million demand.
  • Proceeds were split among the conspirators and laundered in Bitcoin; asset forfeiture proceedings are underway.
  • The FBI Miami Field Office led the investigation with U.S. Secret Service assistance; Goldberg has been in custody since September 2023.

Hottest takes

"Who needs hackers if you have IT experts like this" — spcharc
"there's no description of evidence... Will we be able to see how they were caught?" — ekjhgkejhgk
"Just pay for a pardon and you’re good. Freedom" — bamboozled