Sygnia

Sygnia Vendor Cyber Rating & Cyber Score

sygnia.co

Sygnia is a cyber technology and services company, providing high-end consulting and incident response support for organizations worldwide. Sygnia works with companies to proactively build their cyber resilience and to respond to and defeat attacks within their networks. It is the trusted advisor and cyber security service provider of IT and security teams, senior management and boards of leading organizations worldwide, including Fortune 100 companies. The company draws on top talent from the ranks of elite military technology units and from across the cyber industry. It applies technological supremacy, digital combat experience, data analytics and a business-driven mindset to cyber, to deliver military-grade security to business.


Sygnia A.I CyberSecurity Scoring

Company Information
Website: https://www.sygnia.co
Employees number: 260
Number of followers: 26,168
NAICS: 541514
Industry Type: Computer and Network Security
Homepage: sygnia.co
Sygnia Risk Score (AI oriented)
Between 0 and 549
Sygnia, Computer and Network Security
Updated: 18/06/2026
323/1000, Critical, C
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium

Sygnia: Critical
Current Score: 323 C (CRITICAL)
4 incidents
-335 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
328 Before Incident
JUNE 2026
323 Before Incident
MAY 2026
314 Before Incident
APRIL 2026
305 Before Incident
MARCH 2026
621 Before Incident
Ransomware
13 Mar 2026, Sygnia
DigitalMint and Sygnia Cybersecurity: Chicago cybersecurity firm employee brokered $75M in ransom after orchestrating hacks, feds say

Cybersecurity Insider Exposed as Ransomware Mastermind in $75M Extortion Scheme

286 After Incident
CRITICAL -335
SYGDIG1773455041

Federal prosecutors have unmasked a shocking cybersecurity betrayal: Angelo Martino, a 41-year-old employee of Chicago-based DigitalMint, allegedly orchestrated the very ransomware attacks he was hired to negotiate. Martino and two accomplices, Kevin Tyler Martin (also of DigitalMint) and Ryan Clifford Goldberg (an incident response manager at Sygnia Cybersecurity), are accused of extorting over $75 million from at least four companies and a nonprofit between 2023 and 2025. The victims spanned hospitality, retail, medical, and financial services, with two ransoms exceeding $25 million each.

Martino’s role as a ransom negotiator provided insider access, while Goldberg exploited network vulnerabilities and Kevin Martin executed the attacks, locking systems and exfiltrating data. The group used ALPHV BlackCat ransomware, a notorious strain linked to hundreds of global attacks, under an "affiliate" agreement that funneled a cut of profits back to its developers.

Authorities seized Martino’s Florida properties, vehicles, and $9 million in cryptocurrency. A plea hearing is scheduled for June 13, while Goldberg and Kevin Martin, who pleaded guilty in December, face sentencing on April 30. All three have been terminated from their employers.

DigitalMint’s CEO, Jonathan Solomon, confirmed the company was alerted by the Justice Department in April 2025 and fired Martino immediately. A review found no additional misconduct, and DigitalMint has since tightened internal controls. Meanwhile, cybersecurity firm TRM Labs reports a surge in ransomware attacks, attributing the rise to a growing pool of threat actors exploiting vulnerabilities for profit.
INCIDENT DETAILS -
TYPE
Ransomware
MOTIVATION
Financial gain
IMPACT
Financial Loss: $75 million
Systems Affected: Locked systems, data exfiltration
Operational Impact: Significant disruption to victim operations
Brand Reputation Impact: Likely severe for affected entities
DATA BREACH
Type Of Data Compromised: Sensitive business and customer data
Sensitivity Of Data: High
FEBRUARY 2026
620 Before Incident
JANUARY 2026
617 Before Incident
DECEMBER 2025
614 Before Incident
NOVEMBER 2025
611 Before Incident
OCTOBER 2025
608 Before Incident
SEPTEMBER 2025
605 Before Incident
AUGUST 2025
602 Before Incident
DECEMBER 2023
554 Before Incident
Cyber Attack
18 Dec 2023, Sygnia
Sygnia: 2 Cyber Pros Admit to Being BlackCat Ransomware Affiliates

Two Cyber Pros Admit to Being BlackCat Ransomware Affiliates

522 After Incident
LOW -32
SYG1767124211

Two Cybersecurity Professionals Plead Guilty as BlackCat Ransomware Affiliates

Two former cybersecurity professionals, Ryan Goldberg (40, Georgia) and Kevin Martin (36, Texas), have pleaded guilty to conspiring with a third, unnamed accomplice to deploy BlackCat (Alphv) ransomware against five U.S. companies, including three healthcare organizations. The attacks, conducted between April and December 2023, earned the group at least $1 million from a single victim, a Florida-based medical device manufacturer.

Goldberg, an incident response manager at Sygnia, and Martin, a ransomware negotiator at DigitalMint, exploited their industry expertise to facilitate the extortion scheme. As BlackCat affiliates, they received 80% of ransom payments, with the remaining 20% going to the ransomware-as-a-service (RaaS) operators. The proceeds were laundered through cryptocurrency mixing services and multiple wallets.

Both men pleaded guilty on December 18 in the U.S. District Court for the Southern District of Florida to conspiracy to commit extortion, facing up to 20 years in prison, three years of supervised release, and a $250,000 fine. They also agreed to forfeit $324,123.26 each in illicit gains. Sentencing is scheduled for March 12, 2026.

The FBI revealed that Goldberg admitted in a June 2024 interview to being recruited for the scheme, which targeted the medical device firm. Days later, Goldberg and his wife fled to Paris on one-way tickets, though he returned to the U.S. by October for his arraignment. Martin was released on a $400,000 bond.

BlackCat, a Russian-linked RaaS operation active since 2021, has extorted hundreds of millions from over 500 victims worldwide. The FBI released a decryption tool in December 2023 to help some victims recover data. The group’s operations collapsed in early 2024 after its administrators allegedly stole a $22 million ransom from UnitedHealth Group’s Change Healthcare breach, betraying their affiliate.

Both DigitalMint and Sygnia condemned the defendants’ actions, stating they were unaware of their employees’ criminal activities. DigitalMint cooperated with the DOJ investigation, while Sygnia terminated Goldberg upon learning of the charges.
INCIDENT DETAILS -
TYPE
Ransomware
MOTIVATION
Financial gain
IMPACT
Financial Loss: $1.2 million (from one victim)
Legal Liabilities: Fines and forfeiture of $324,123.26 per defendant
DATA BREACH
Data Encryption: Yes (Ransomware encryption)
APRIL 2023
751 Before Incident
Ransomware
01 Apr 2023, Sygnia
DigitalMint and Sygnia: Former Ransomware Negotiator Pleads Guilty to Aiding Attackers

Cybersecurity Insider Betrays Employer to Aid Ransomware Attacks

518 After Incident
CRITICAL -233
SYGDIG1777357524

Cybersecurity Insider Betrays Employer to Aid Ransomware Attacks, DOJ Reveals

A former employee of Chicago-based cybersecurity firm DigitalMint has been exposed as a key conspirator in a ransomware scheme that targeted U.S. organizations between April and November 2023. According to the U.S. Department of Justice (DOJ), James Martino, who was trusted to assist ransomware victims, instead colluded with cybercriminals, sharing sensitive details such as insurance policy limits and negotiation strategies in exchange for a share of the profits.

Martino worked alongside Ryan Goldberg (a Georgia resident employed by cybersecurity firm Sygnia) and Kevin Martin (a Texas resident and fellow DigitalMint employee) to deploy BlackCat ransomware against multiple victims. In one case, the group extorted $1.2 million in Bitcoin from a victim, splitting and laundering the proceeds through various channels. Authorities have since seized $10 million in assets linked to Martino, including digital currency, a food truck, and a luxury fishing boat.

The DOJ emphasized that Martino’s actions not only harmed victims but also undermined the integrity of the cyber incident response industry. Goldberg and Kevin Martin were indicted in November 2025, with Martino initially identified as an unnamed co-conspirator. The case highlights the risks posed by insider threats within cybersecurity firms, where trusted personnel may exploit their access to facilitate criminal activity.
INCIDENT DETAILS -
TYPE
Ransomware
MOTIVATION
Financial Gain
IMPACT
Financial Loss: $1.2 million (extorted), $10 million (seized assets)
Brand Reputation Impact: Undermined integrity of cyber incident response industry
DATA BREACH
Insurance policy limits
Negotiation strategies
Sensitivity Of Data: High
JANUARY 2016
753 Before Incident
Cyber Attack
01 Jan 2016, Sygnia
Velvet Ant Targets: Modified OpenSSH Binaries Let Velvet Ant Steal Passwords, Log Commands, and Hide Activity

Velvet Ant: A Decade-Long Cyber Espionage Campaign Targeting Critical Infrastructure

736 After Incident
CRITICAL -17
SYG1781778300

A sophisticated cyber espionage campaign linked to the China-nexus threat actor Velvet Ant has been uncovered, revealing nearly a decade of undetected infiltration into highly segregated critical infrastructure networks. The operation, detailed in Sygnia’s Operation Highland investigation, demonstrates a multi-stage attack chain designed to compromise authentication systems, ensuring persistence despite routine security measures.

### Attack Overview

Velvet Ant’s primary objective was to control authentication mechanisms across targeted environments, allowing the group to maintain access even after password rotations, session terminations, or containment efforts. The campaign, active as early as 2016, employed deeply engineered backdoors in core system components, including modified OpenSSH binaries and tampered PAM modules, to exfiltrate credentials, log commands, and conceal malicious activity.

### Intrusion Phases

The attack unfolded in three distinct stages:

1. Initial Foothold (Internet-Facing Servers)
   - Attackers compromised internet-exposed systems using custom implants, including a reverse-shell tool (auditdb, based on GS-Netcat) and SOCKS5 proxies.
   - Persistence was achieved via systemd units or modified SysVinit scripts, disguised as legitimate services (e.g., a fake Chrome service).
   - Malware was engineered to evade detection in process lists.
2. Lateral Movement (Bridging Isolated Networks)
   - Compromised Nginx servers and a FastCGI wrapper were used to execute binaries remotely, enabling access to air-gapped IT-to-OT environments without direct internet connectivity.
   - Simple HTTP requests served as an execution pathway into segregated networks.
3. Full Authentication Control (Backdoored System Components)
   - OpenSSH binaries (sshd, ssh, scp, ssh-keygen) were replaced with malicious variants, allowing attackers to:
     - Accept hardcoded backdoor passwords.
     - Log interactive commands and authentication attempts in encrypted files (stored under `/usr/share/man9/ph/` with MD5-hashed filenames).
     - Disable logging via a custom `-d` flag and masquerade processes as kernel threads.
   - PAM modules (pam_unix.so) were backdoored with nine distinct variants, each compiled in separate environments, some erasing traces of the backdoor in memory.
   - Older variants used rotating MD5-based backdoor hashes tied to days of the week, indicating iterative refinement.

### Impact & Risks

The modifications transformed authentication from a security control into a covert persistence mechanism. Traditional remediation such as rotating credentials or removing services became ineffective, as the compromised code itself validated access. Sygnia warns that incorrectly replacing PAM modules or OpenSSH binaries could lock administrators out of critical systems, risking outages in environments where zero-downtime and offline recovery are essential.

The campaign highlights the sustained investment and operational sophistication of Velvet Ant, with tailored implants across multiple Linux distributions and versions, demonstrating a structured build pipeline and long-term strategic targeting.
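
A triage check for the artifacts described above, as an added example that is not part of the original page or of Sygnia's tooling: it walks a read-only mounted image, flags MD5-style filenames in the log directory the write-up names, and compares the listed OpenSSH and PAM components against known-good hashes. The `triage` function, its finding labels and the `baseline` manifest (assumed to come from the distribution packages for the exact installed versions) are assumptions of this example.

```python
import hashlib
import os
import re

# Components the write-up lists as replaced or backdoored.
WATCHED = {"sshd", "ssh", "scp", "ssh-keygen", "pam_unix.so"}
# Log directory named in the write-up; its files carried MD5-style names.
LOG_DIR = "usr/share/man9/ph"
MD5_NAME = re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE)


def is_elf(path):
    """True for ELF files, so configs such as /etc/pam.d/sshd are skipped."""
    with open(path, "rb") as fh:
        return fh.read(4) == b"\x7fELF"


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(root, baseline):
    """Scan a read-only mounted image at root; return sorted (kind, path).

    baseline (an assumption of this example) maps root-relative paths to
    known-good SHA-256 values for the exact installed package versions.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        for name in files:
            full = os.path.join(dirpath, name)
            rel = name if rel_dir == "." else f"{rel_dir}/{name}"
            if rel_dir == LOG_DIR and MD5_NAME.match(name):
                findings.append(("hidden-log", rel))
            elif name in WATCHED and not os.path.islink(full) and is_elf(full):
                expected = baseline.get(rel)
                if expected is None:
                    findings.append(("no-baseline", rel))
                elif sha256_file(full) != expected:
                    findings.append(("hash-mismatch", rel))
    return sorted(findings)
```

Run it against an offline image rather than the live host, since a backdoored system may not report its own files truthfully; a `no-baseline` result means the component still needs a trusted reference hash before it can be cleared.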
INCIDENT DETAILS -
TYPE
Cyber Espionage
MOTIVATION
Cyber espionage, long-term persistence, control of authentication mechanisms
IMPACT
Data Compromised: Credentials, interactive commands, authentication attempts
Systems Affected: Internet-facing servers, Nginx servers, air-gapped IT-to-OT environments, Linux-based critical infrastructure systems
Operational Impact: Risk of system lockouts during remediation, potential outages in zero-downtime environments
Identity Theft Risk: High (credential exfiltration)
DATA BREACH
Type Of Data Compromised: Credentials, authentication logs, interactive commands
Sensitivity Of Data: High (authentication data, PII risk)
Data Exfiltration: Yes (encrypted logs stored in /usr/share/man9/ph/)
Data Encryption: Yes (MD5-hashed filenames for logs)
Personally Identifiable Information: Potential (credentials, commands)
