A federal court in the Southern District of Florida has accepted guilty pleas from two cybersecurity professionals who used their expertise to conduct ransomware attacks rather than stop them.
Ryan Goldberg, 40, from Georgia, and Kevin Martin, 36, from Texas, pleaded guilty to conspiracy to commit extortion through ransomware operations.
Between April and December 2023, Goldberg and Martin, along with a third conspirator, deployed the ALPHV BlackCat ransomware against multiple U.S. victims.
The defendants leveraged their knowledge of computer security to exploit vulnerable systems rather than protect them.
They agreed to pay ALPHV BlackCat administrators 20% of all ransom payments in exchange for access to the ransomware and the group’s extortion platform.
After successfully extorting one victim for approximately $1.2 million in Bitcoin, the three men split their 80% share of the ransom and laundered the proceeds through various channels.
This case demonstrates a troubling trend where insiders weaponize their technical skills for criminal purposes.
ALPHV BlackCat operates as a ransomware-as-a-service model, meaning developers maintain the malware and infrastructure. At the same time, affiliates identify and attack high-value targets.
The group has targeted over 1,000 victims worldwide, causing extensive financial damage across industries. The Justice Department has prioritized disrupting ALPHV BlackCat operations.
In December 2023, the FBI developed a decryption tool that helped hundreds of victims restore their systems without paying ransoms, saving approximately $99 million. The FBI also seized several websites operated by the criminal group.
Goldberg and Martin each face up to 20 years in prison for conspiracy to commit extortion. They are scheduled to be sentenced on March 12, 2026.
The investigation was led by the FBI’s Miami Field Office, with assistance from the U.S. Secret Service, underscoring a multi-agency approach to combating ransomware threats.
This case underscores a critical security concern: trusted cybersecurity professionals can pose a threat when compromised.
Organizations must implement stringent background checks, monitoring, and ethical training for security personnel.
The guilty pleas send a clear message that domestic ransomware operators will be prosecuted and held accountable, regardless of their technical expertise or industry position.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
