Sygnia

Sygnia is a Tel Aviv-based cybersecurity company with a significant incident-response and digital forensics practice. Ryan Goldberg, an IR professional at Sygnia, pleaded guilty to using ALPHV/BlackCat ransomware against US victims between April and December 2023 by exploiting his privileged access and client relationships. The case is the first high-profile DOJ prosecution of an IR firm's employee for insider ransomware abuse.

Sygnia was acquired by Temasek (Singapore's state investment firm) in 2022 and has built its reputation on high-profile incident-response engagements including nation-state intrusion investigations. Its client base spans financial services, critical infrastructure and government sectors globally. The Goldberg prosecution creates reputational and operational pressure on Sygnia to demonstrate that its personnel controls and access-monitoring for IR engagements have been reviewed and strengthened.

For the wider IR industry, the Sygnia-Goldberg case establishes that insider abuse is not a theoretical risk but a documented threat. The specific attack pattern — leveraging pre-existing victim relationships built during legitimate IR engagements — is impossible to prevent through technical controls alone and requires personnel screening, engagement access-logging and contractual accountability mechanisms.