U.S. Insiders Indicted For Attacks

Federal prosecutors in the United States have charged three individuals with allegedly carrying out a series of ransomware attacks against five U.S. companies using BlackCat ransomware, also known as ALPHV, between May and November 2023. The attacks reportedly aimed to extort large sums from the victims, including medical, engineering, pharmaceutical, and technology organizations.

Insiders Accused of Orchestrating Ransomware Attacks

Kevin Tyler Martin and another accomplice, referred to in court documents as “Co-Conspirator 1,” were employed at the time as ransomware negotiators for DigitalMint, a Chicago-based company that specializes in mitigating cyberattacks. Ryan Clifford Goldberg, an incident response manager at Sygnia Cybersecurity Services, was also indicted in the scheme. 

The Chicago Sun-Times first reported the charges, highlighting the unusual circumstances in which employees of a firm tasked with resolving ransomware attacks allegedly engaged in their own cybercrimes. “Employees of DigitalMint, a company that specializes in negotiating ransoms in cyberattacks, were part of a small crew, the feds say conducted five hacks that scored more than $1 million,” the outlet reported. 

Timeline and Targets of BlackCat Ransomware Attacks

Prosecutors claim the group began deploying BlackCat ransomware in May 2023. The first target was a medical company in Florida, whose servers were locked with a ransom demand of $10 million. Court records indicate that the attack ultimately netted $1.2 million, which was routed through cryptocurrency mixers to conceal the transaction. Subsequent targets included a Maryland-based pharmaceutical company, a California doctor’s office with a $5 million demand, an engineering company in California with a $1 million demand, and a Virginia drone manufacturer with a $300,000 demand. 

According to FBI documents, Goldberg initially denied involvement when interviewed in June 2025 but later admitted that the unnamed co-conspirator had recruited him. He stated his motivation stemmed from personal debt and fears of federal prison, and he described how the illicit funds were transferred through multiple cryptocurrency wallets to hide the digital trail. 

Both DigitalMint and Sygnia have publicly stated they were not targets of the investigation and have cooperated fully with law enforcement. DigitalMint confirmed it terminated the employees involved, emphasizing that the alleged attacks occurred outside its systems and did not compromise client data. Sygnia noted that Goldberg was no longer employed by the firm. 

Legal Proceedings and Potential Consequences

Martin and Goldberg were indicted on October 2, 2025, on multiple charges, including conspiracy to interfere with interstate commerce by extortion, interference with interstate commerce, and intentional damage to protected computers. Goldberg has been taken into custody, while Martin was released on a $400,000 bond. Both face a potential maximum sentence of 50 years in federal prison. 

The timeline of attacks, according to court documents, includes: 

  • May 13, 2023: Attack on the Florida medical device company; $1.274 million paid in cryptocurrency. 
  • May 2023: Attack on an unspecified firm, ransom demand unknown. 
  • July 2023: Attack on the California doctor’s office; $5 million ransom demand. 
  • October 2023: Attack on the California engineering company; $1 million ransom demand. 
  • November 2023: Attack on the Virginia drone manufacturer; $300,000 ransom demand. 

While Martin has pleaded not guilty, Goldberg allegedly admitted to participating in the attacks in coordination with the co-conspirator to “ransom some companies.” The third individual involved has not been indicted. 

The FBI warns that malicious software like BlackCat ransomware can encrypt files on local drives, networked computers, and attached devices, with victims often coerced into paying ransoms to regain access to critical systems. 


