Security Professionals Charged for Using BlackCat Ransomware Against American Businesses

Two individuals with security backgrounds have been federally charged for orchestrating a coordinated ransomware attack campaign against American businesses using the dangerous BlackCat strain.

Ryan Clifford Goldberg from Georgia and Kevin Tyler Martin from Texas face serious federal charges including conspiracy to interfere with interstate commerce through extortion, intentional computer damage, and money laundering violations.

The defendants, along with an unnamed co-conspirator, allegedly deployed BlackCat ransomware, also known as ALPHV, in targeted attacks against five major American companies between May 2023 and November 2023.

The indictment reveals a coordinated strategy designed to maximize profits by encrypting critical company data and demanding substantial cryptocurrency ransoms in exchange for decryption keys and promises not to publicize stolen information.

BlackCat represents one of the most sophisticated ransomware operations to emerge in recent years.

Developed in late 2021, the malicious software quickly became a preferred tool for cybercriminals targeting hundreds of institutions globally, including universities, hospitals, medical facilities, law firms, and financial firms.

The ransomware operates through a structured affiliate model where developers recruit vetted operators who receive customized access to attack targets.

The Florida region alone had more than twenty BlackCat victims, which collectively sustained tens of millions in cryptocurrency ransom payments and massive operational disruptions.

The targeted victims in this particular case included a Tampa-based medical device company, a Maryland pharmaceutical company, a California doctor’s office, a California engineering firm, and a Virginia drone manufacturer.

The medical device company suffered the most severe attack, with the defendants demanding approximately ten million dollars after encrypting their servers.

The company ultimately paid roughly 1.2 million dollars in cryptocurrency to restore their operations and retrieve their stolen data.

Additional attacks extracted five million dollars from the pharmaceutical company, one million dollars from the engineering firm, and three hundred thousand dollars from the drone manufacturer.

The pharmaceutical company attack and subsequent extortion demand specifically occurred around May 2023, while the engineering company and drone manufacturer experienced attacks in October and November respectively.

Federal prosecutors charge that the defendants knowingly orchestrated network intrusions, stole sensitive corporate data, deployed encryption mechanisms to disable business operations, and fraudulently extracted cryptocurrency payments through coercion and intimidation.

The conspiracy allegedly continued for nearly two years, from May 2023 through April 2025, with the defendants and their associate splitting the extorted payments.

The indictment specifically alleges violations of federal extortion statutes, computer fraud laws, and asset forfeiture provisions that allow the government to seize any property derived from the illegal proceeds.

Prosecutors indicate they will seek forfeiture of cryptocurrency and other assets traceable to the extortion scheme.

The charges carry serious prison time and substantial financial penalties for individuals convicted of ransomware conspiracy and interstate commerce interference through extortion.

This prosecution demonstrates the federal government’s increasing focus on dismantling organized ransomware operations and holding individual operators accountable for attacks that cripple critical American businesses and infrastructure.
