Today, two cybersecurity professionals who made a deal with AlphV/BlackCat to use their #ransomware to attack multiple victims in the U.S. were sentenced to four years in prison. A third co-conspirator has yet to be sentenced.

Two of the three worked for DigitalMint; the third worked for Sygnia. Neither firm had any knowledge of its employees' illegal activities and cooperated fully with law enforcement.

One of the victims was a doctor's office that the defendants had encrypted. Then, when the doctor wouldn't pay, they leaked patient data and wouldn't provide a decryptor.

Both of the defendants sentenced today had pleaded guilty to one count of conspiracy to obstruct, delay, or affect commerce or the movement of any article or commodity in commerce by extortion in violation of 18 U.S.C. § 1951(a).

They faced maximum sentences of 20 years, but were sentenced to four years.

Goldilocks and the 3 Verdicts Poll:

Does their sentence seem

Ugggh this one is going to suck. cPanel is everywhere and most are not patched frequently.

https://www.bleepingcomputer.com/news/security/cpanel-whm-emergency-update-fixes-critical-auth-bypass-bug

Your phone is about to stop being yours.

https://keepandroidopen.org/en/

125 days until lockdown

Starting September 2026, a silent update, nonconsensually pushed by Google, will block every Android app whose developer hasn't registered with Google, signed their contract, paid up, and handed over government ID.

Every app and every device, worldwide, with no opt-out.