VulnHub

Real-time Cybersecurity News

Feds say another DigitalMint negotiator ran ransomware attacks and extorted $75 million

CyberScoop
Actively Exploited
RansomwareExploit

Overview

Angelo Martino, a former negotiator for DigitalMint, is accused of running ransomware attacks while simultaneously negotiating on behalf of his employer. The U.S. government claims he extorted around $75 million through these actions, effectively playing both sides of the fence. This case raises serious concerns about insider threats within organizations that deal with cryptocurrency, as it highlights the potential for employees to exploit their positions for personal gain. The implications are significant, as it calls into question the security measures companies have in place to protect against such dual-role employees. The incident also emphasizes the ongoing challenges in combating ransomware, particularly when insiders are involved.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: DigitalMint, cryptocurrency negotiation services
  • Action Required: Companies should enhance their internal security protocols, conduct thorough background checks on employees, and implement strict separation of duties to prevent insider threats.
  • Timeline: Newly disclosed

Original Article Summary

Angelo Martino is accused of playing both sides — committing attacks and conducting ransomware negotiations on some of the same cases on behalf of his former employer. The post Feds say another DigitalMint negotiator ran ransomware attacks and extorted $75 million appeared first on CyberScoop.

Impact

DigitalMint, cryptocurrency negotiation services

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Companies should enhance their internal security protocols, conduct thorough background checks on employees, and implement strict separation of duties to prevent insider threats.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Ransomware, Exploit.

Read Original Article

Related Coverage

Feds Takes Down SocksEscort Proxy Network Used in Global Fraud Schemes

Hackread – Cybersecurity News, Data Breaches, AI and More

Law enforcement agencies in Europe and the United States have successfully dismantled the SocksEscort proxy network, which was built using compromised routers. This network was utilized by cybercriminals for various global fraud schemes, allowing them to mask their online activities. The operation involved cooperation between multiple agencies, highlighting the importance of international collaboration in tackling cybercrime. The disruption of this network is significant as it not only affects the criminals who relied on it but also aims to protect individuals and businesses from the fallout of these fraudulent activities. This incident serves as a reminder of the ongoing threat posed by cybercriminals using compromised infrastructure to conduct illegal operations.

Mar 12, 2026

Iran-linked group claims wiper attack and takedown of medical device maker Stryker

SCM feed for Latest

An Iranian-linked group has claimed responsibility for a wiper attack that targeted the medical device manufacturer Stryker, marking a significant escalation in cyberattacks against U.S. companies since the onset of the Iran conflict on February 28. Wiper malware is designed to erase data and disrupt operations, posing serious risks to critical healthcare infrastructure. Stryker, known for its surgical and medical devices, may face operational challenges as a result of this incident. This attack underscores the increasing use of cyber warfare tactics in geopolitical conflicts, raising concerns about the security of other companies in the healthcare sector and beyond. Organizations are urged to bolster their cybersecurity measures to defend against similar threats.

Mar 12, 2026

Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays

The Hacker News

A new banking malware known as VENON has been discovered, targeting 33 banks in Brazil. This malware is notable for being written in Rust, which differentiates it from other prevalent malware in the region that typically uses Delphi. It specifically aims to steal user credentials by infecting Windows systems. Researchers first identified VENON last month, raising concerns about its potential impact on Brazilian banking customers. This malware represents an evolving threat in the Latin American cybercrime landscape, and users should be vigilant about their online security.

Mar 12, 2026

Hackers Use Cloudflare Human Check to Hide Microsoft 365 Phishing Pages

Hackread – Cybersecurity News, Data Breaches, AI and More

Scammers are exploiting security features from Cloudflare to mask fraudulent Microsoft 365 login pages, making it harder for users to identify phishing attempts. This tactic allows attackers to evade detection by antivirus software and security systems, putting sensitive information at risk. Users of Microsoft 365 should be particularly cautious, as these phishing pages can look very convincing and lead to credential theft. The situation emphasizes the need for individuals and organizations to remain vigilant about email security and to double-check URLs before entering personal information. Cybersecurity experts are urging users to enable multi-factor authentication to add an extra layer of protection against such scams.

Mar 12, 2026

Veeam warns of critical flaws exposing backup servers to RCE attacks

BleepingComputer

Veeam Software has issued patches for serious vulnerabilities in its Backup & Replication solution, including four critical remote code execution (RCE) flaws. These vulnerabilities could allow attackers to execute malicious code on affected backup servers, potentially leading to data breaches or system takeovers. Organizations using Veeam's software should prioritize applying these patches to safeguard their systems. The risks are particularly concerning for companies that rely on Veeam for data protection, as failing to address these vulnerabilities could leave sensitive data exposed. This incident serves as a reminder for all users of backup solutions to stay vigilant and ensure their software is up to date.

Mar 12, 2026

Authorities takedown global proxy network SocksEscort

CyberScoop

Authorities have dismantled a global proxy network known as SocksEscort, which had compromised routers and Internet of Things (IoT) devices across 163 countries. This botnet reportedly affected around 369,000 victims and generated approximately $5.8 million in revenue for its cybercriminal operators. The operation's scale demonstrates how widespread such threats can be, as compromised devices can facilitate various cybercrimes, including unauthorized access and data theft. The takedown is a significant step in combating the growing issue of botnets, which can put both individuals and organizations at risk. Users are advised to secure their devices and ensure they are not part of such networks.

Mar 12, 2026