A former employee of a major cybersecurity firm has pleaded guilty to charges of assisting ransomware criminals in negotiating ransom payments. The man, identified as 34-year-old Matthew Devine from Texas, admitted in a U.S. federal court on Monday that he helped maximize ransom demands for the BlackByte ransomware group between 2022 and 2024.
Prosecutors said Devine used his knowledge of cybersecurity protocols to advise the gang on how to structure demands to extract higher payments from victims. Court documents reveal he received a 20% cut of each successful ransom, totaling more than $2.5 million in illicit earnings. The U.S. Department of Justice announced the guilty plea, noting this is one of the first cases where a cybersecurity insider was prosecuted for directly aiding attackers.
Devine’s role involved analyzing victim networks and recommending payment amounts based on perceived financial capacity. Investigators found encrypted chats where he discussed strategies with the gang, including targeting hospitals and schools to increase pressure. His actions allegedly delayed recovery efforts by advising victims not to report incidents to authorities.
Sentencing is scheduled for July 2024. If convicted, he faces up to 20 years in prison and fines exceeding $250,000. The case highlights vulnerabilities in trusted cybersecurity roles and raises questions about oversight in the industry.
The BlackByte ransomware group remains active, with recent attacks reported in Europe and North America. Authorities continue to investigate its infrastructure and associates.
Source: techcrunch.com