Two cybersecurity experts charged with deploying ALPHV BlackCat ransomware against five companies have pleaded guilty to federal charges in the case, the U.S. Department of Justice announced today.
Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, were indicted in the BlackCat ransomware case in October. Together with an unnamed co-conspirator, they “successfully deployed the ransomware known as ALPHV BlackCat between April 2023 and December 2023 against multiple victims located throughout the United States,” the Justice Department said today.
The two face sentencing in March for conspiring to obstruct commerce through extortion.
Misusing ‘Trusted Access and Technical Skill’
Martin and the co-conspirator worked as ransomware negotiators for DigitalMint, a Chicago-based company that specializes in mitigating cyberattacks, while Goldberg was an incident response manager at Sygnia Cybersecurity Services. DigitalMint and Sygnia have publicly stated they were not targets of the investigation and have cooperated fully with law enforcement.
“These defendants used their sophisticated cybersecurity training and experience to commit ransomware attacks — the very type of crime that they should have been working to stop,” stated Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division.
“Goldberg and Martin used trusted access and technical skill to extort American victims and profit from digital coercion,” added U.S. Attorney Jason A. Reding Quiñones for the Southern District of Florida. “Their guilty pleas make clear that cybercriminals operating from within the United States will be found, prosecuted, and held to account.”
BlackCat Ransomware Case Netted More Than $1 million
According to the Justice Department, the three men agreed to pay the ALPHV BlackCat administrators a 20% share of any ransom payments they received in exchange for the ransomware and access to ALPHV BlackCat’s extortion platform.
“After successfully extorting one victim for approximately $1.2 million in Bitcoin, the men split their 80% share of this ransom three ways and laundered the funds through various means,” the Justice Department said.
The five unnamed victim companies targeted by the co-conspirators included:
- A medical device company based in Tampa, Florida
- A pharmaceutical company based in Maryland
- A doctor’s office based in California
- An engineering company based in California
- A drone manufacturer based in Virginia
The Tampa medical device company paid a $1.27 million ransom; it is not clear if other ransom payments were made.
The Justice Department placed the guilty pleas in the context of priori law enforcement actions aimed at disrupting ALPHV BlackCat, including the development of a decryption tool that that the U.S. says saved global victims nearly $100 million in ransom payments.
The Justice Department said Goldberg and Martin each pleaded guilty to one count of “conspiracy to obstruct, delay or affect commerce or the movement of any article or commodity in commerce by extortion in violation of 18 U.S.C. § 1951(a).”
The defendants are scheduled to be sentenced on March 12, 2026, and face a maximum penalty of 20 years in prison.
The cybersecurity industry has faced a number of insider incidents in recent months, including a “suspicious insider” at CrowdStrike and a former cybersecurity company official who pled guilty to stealing trade secrets to sell them to a Russian buyer. In the Goldberg and Martin case, corporate assets do not appear to have been misused.