Former cybersecurity professionals Ryan Clifford Goldberg and Kevin Tyler Martin pleaded guilty Thursday to participating in a series of ransomware attacks in 2023 while they were employed at cybersecurity companies tasked with helping organizations respond to ransomware attacks.
Goldberg, who was a manager of incident response at Sygnia, and Martin, a ransomware negotiator at DigitalMint at the time, collaborated with an unnamed co-conspirator to attack victim computers and networks and use ALPHV, also known as BlackCat, ransomware to extort payments.
The plea deals mark a relatively quick turnaround as prosecutors successfully persuaded the pair to cop to their crimes less than three months after they were indicted in the U.S. District Court for the Southern District of Florida. Goldberg was arrested Sept. 22 and Martin was arrested Oct. 14.
Goldberg and Martin confirmed in their respective plea agreements that the total losses caused by their crimes exceeded $9.5 million, according to federal court records.
A spokesperson for DigitalMint said the company cooperated with the Justice Department throughout its investigation and supports the outcome as a step toward accountability.
“We strongly condemn his actions, which were undertaken without the knowledge, permission or involvement of the company,” the spokesperson said in a statement. “His behavior is a clear violation of our values and ethical standards.”
Sygnia did not immediately respond to a request for comment.
Goldberg and Martin each pleaded guilty to one of the three counts brought against them — conspiracy to interfere with interstate commerce by extortion — effectively reducing their maximum penalty from 50 years in federal prison to 20 years.
Victims impacted by the attacks over a six-month period in 2023 included a medical company based in Florida, a pharmaceutical company based in Maryland, a California doctor’s office, an engineering company based in California and a drone manufacturer in Virginia, according to the indictment.
Prosecutors said Goldberg, Martin and their co-conspirator received a nearly $1.3 million ransom payment from the medical company in May 2023, but did not successfully extort a financial payment from the other victims.
Goldberg and Martin are each ordered to forfeit $342,000, which represents the value of proceeds traced to their crimes, according to their plea agreements. The court may also fine each of them up to $250,000 and additional restitution.
Officials said they will recommend reduced sentences for Goldberg and Martin as long as they make full, accurate and complete disclosures of their offenses and do not commit any further crimes.
Goldberg and Martin “abused a position of public or private trust, or used a special skill, in a manner that significantly facilitated the commission or concealment” of their crimes, prosecutors said.
The unnamed co-conspirator, who also worked at DigitalMint, allegedly obtained an affiliate account on ALPHV, which the trio used to commit ransomware attacks.
ALPHV/BlackCat was a notorious ransomware and extortion group linked to a series of attacks on critical infrastructure providers. The ransomware variant first appeared in late 2021, and was later used in dozens of attacks on organizations in the health care sector.
The group behind the ransomware strain also claimed responsibility for last year’s attack on UnitedHealth Group subsidiary Change Healthcare, which paid a $22 million ransom and became the largest health care data breach on record, compromising data on about 190 million people.
The crew is alleged to have stopped operations in March 2024.