Two Security Experts Admit Guilt in BlackCat Ransomware Case

Two cybersecurity professionals have admitted to federal charges related to the deployment of ALPHV BlackCat ransomware against multiple companies, as announced by the U.S. Department of Justice today. Ryan Goldberg, 40, from Georgia, and Kevin Martin, 36, from Texas, were implicated in a case that unfolded after their indictment in October.

Together with an undisclosed co-conspirator, Goldberg and Martin allegedly carried out the ransomware attacks against five U.S. businesses from April to December 2023. As a consequence of their guilty pleas, the duo is set to face sentencing in March for conspiracy to obstruct commerce through extortion.

Exploiting Skills in Cybersecurity

Both Martin and his co-conspirator were employed as ransomware negotiators for DigitalMint, a Chicago-based firm focusing on cybersecurity mitigation. Goldberg, meanwhile, was an incident response manager at Sygnia Cybersecurity Services. Both DigitalMint and Sygnia have publicly stated that they were not implicated in the investigation and have fully cooperated with authorities.

Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division remarked that the defendants leveraged their sophisticated cybersecurity skills — training meant to combat such illegal activities — to orchestrate ransomware attacks. U.S. Attorney Jason A. Reding Quiñones for the Southern District of Florida condemned their actions, stating that the pair exploited their expertise to extort American businesses for personal gain, emphasizing that U.S. cybercriminals will face prosecution.

Financial Gain from Cyber Extortion

The Justice Department reported that the three individuals agreed to pay the administrators of ALPHV BlackCat 20% of any ransom payment received in return for the ransomware and access to the associated extortion platform. After one notable extortion totaling approximately $1.2 million in Bitcoin, the trio split their 80% cut equally and laundered the proceeds through various channels.

The victims of these cyberattacks included several businesses, such as:

  • A medical device manufacturer based in Tampa, Florida
  • A pharmaceutical firm located in Maryland
  • A doctor’s office situated in California
  • An engineering company also based in California
  • A drone manufacturing entity located in Virginia

The Tampa medical device firm reportedly paid a ransom of $1.27 million; however, it remains unclear whether any other ransoms were paid. This case is part of broader law enforcement efforts aimed at countering ALPHV BlackCat, including the creation of a decryption tool purported to have saved global victims nearly $100 million in ransom payments.

Goldberg and Martin both pleaded guilty to a single count of “conspiracy to obstruct, delay or affect commerce or the movement of any article or commodity in commerce by extortion,” as defined in 18 U.S.C. § 1951(a). The defendants are slated for sentencing on March 12, 2026, and face a maximum penalty of 20 years in prison.

The cybersecurity realm has witnessed a disturbing trend of insider incidents lately, including a case involving a “suspicious insider” at CrowdStrike and another where a former cybersecurity official confessed to selling trade secrets to a Russian operant. However, in the situation surrounding Goldberg and Martin, it appears that no corporate resources were misappropriated.
