According to documents released by the U.S. Department of Justice, on December 29 (local time), the Federal Court for the Southern District of Florida accepted guilty pleas from two criminal suspects. These two individuals, who once posed as cybersecurity experts, admitted to orchestrating multiple ransomware attacks throughout 2023. Drawing on their purported professional expertise, they targeted numerous U.S. companies, threatening to leak sensitive data unless ransoms of up to $10 million were paid. Each now faces a maximum sentence of 20 years in prison.

The duo employed ALPHV ransomware to carry out their attacks, subsequently remitting 20% of their illicit earnings to the platform operators. They then divided and laundered the remaining ransom funds to obscure their tracks. The investigation, spearheaded by the FBI with support from the Secret Service, has made significant progress. The case is currently in the process of adjudicating asset forfeiture matters, meaning the perpetrators may ultimately be required to return their ill-gotten gains and provide compensation to the victims.