Cyber Insiders Confess: Two US Experts Plead Guilty to BlackCat Ransomware Extortion
January 3, 2026, 9:52 pm
Location: United States, District of Columbia, Washington
Employees: 10001+
Founded date: 1789
Total raised: $6.5M
Two former U.S. cybersecurity professionals admitted guilt for extensive ransomware extortion. Ryan Goldberg and Kevin Martin exploited their deep technical expertise and industry access. They specifically targeted American companies, deploying the infamous BlackCat (ALPHV) ransomware strain. Their victims spanned critical sectors: medical equipment manufacturers, pharmaceutical companies, engineering firms, and even drone producers. One known incident saw them extort $1.2 million in Bitcoin from a medical device maker. This stark betrayal by individuals trusted to defend digital infrastructure illuminates a critical insider threat vulnerability. Both men pleaded guilty to conspiracy to interfere with commerce through extortion. They now face up to 20 years in federal prison. Sentencing proceedings are set for March. This case sends a clear message about consequences for cybercrime.
Washington D.C. – Two former U.S. cybersecurity experts confessed to serious federal charges. Ryan Goldberg and Kevin Martin pleaded guilty. They admitted to conspiring with a notorious ransomware gang. Their actions led to significant extortion attempts against American targets. This marks a concerning betrayal by those sworn to protect digital systems.
Goldberg, 40, from Georgia, and Martin, 36, from Texas, entered their pleas. They appeared at a federal court in Miami. Both faced a single count of conspiracy to interfere with commerce through extortion. This charge carries a maximum penalty of 20 years in prison. Their sentencing is scheduled for March 12, 2026.
The Justice Department detailed their criminal enterprise. Goldberg and Martin leveraged their advanced cybersecurity skills. They used them for illicit gain. Their expertise was meant to defend companies. Instead, it facilitated widespread digital attacks.
The duo deployed the BlackCat ransomware. BlackCat, also known as ALPHV, is a well-known cybercriminal organization. It operates a ransomware-as-a-service (RaaS) model. This structure allows affiliates to use BlackCat’s tools. They then share a percentage of their illicit profits.
Federal prosecutors outlined the scope of their attacks. Goldberg and Martin targeted multiple U.S. companies. One victim was a medical equipment manufacturer. They extorted $1.2 million in Bitcoin from this firm. Other targets included pharmaceutical companies. Engineering firms also fell prey. Even a drone manufacturer faced their demands. The attacks occurred throughout 2023.
Both men had backgrounds in incident response. Kevin Martin and an unnamed third co-conspirator worked for DigitalMint. This company specializes in cybercrime and incident response. They served as negotiators for ransomware attacks. Ryan Goldberg managed incident response for Sygnia Cybersecurity Services. Sygnia confirmed Goldberg's immediate termination upon learning of the situation. The firm was not a target of the investigation.
The case highlights the growing threat of insider collaboration in cybercrime. Individuals with deep technical knowledge pose unique risks. Their access and understanding of defenses can be weaponized. This makes them particularly dangerous adversaries. Their actions erode trust in the cybersecurity sector.
BlackCat ransomware has a notorious history. The group is linked to major breaches. Attacks on Reddit, Bandai Namco, and MGM Resorts are attributed to them. They also targeted UnitedHealth Group last year. Following the UnitedHealth incident, BlackCat reportedly disappeared. Its exact status remains uncertain.
The FBI has actively combated BlackCat. In 2023, the bureau developed a decryption tool. This tool helped victims recover their data. It provided a critical defense against the gang’s malicious software. Federal efforts aimed to disrupt BlackCat's operations. This case demonstrates continued pursuit of their affiliates.
The indictment against Goldberg, Martin, and their accomplice came in October. It detailed their use of BlackCat ransomware. They encrypted and stole data from victims. They then demanded millions of dollars in exchange for its release. Their scheme exploited vulnerabilities across diverse industries.
This conviction sends a strong message. Cybersecurity professionals hold a position of trust. Betraying that trust carries severe legal consequences. The Justice Department remains committed to prosecuting such crimes. Protecting national infrastructure from all threats is a top priority.
The March 2026 sentencing will conclude this chapter. Both men face significant time behind bars. Their case serves as a stark warning. The fight against ransomware requires vigilance. It also demands integrity from those on the front lines of defense. The digital landscape requires constant protection. This incident reinforces that imperative.
Washington D.C. – Two former U.S. cybersecurity experts confessed to serious federal charges. Ryan Goldberg and Kevin Martin pleaded guilty. They admitted to conspiring with a notorious ransomware gang. Their actions led to significant extortion attempts against American targets. This marks a concerning betrayal by those sworn to protect digital systems.
Goldberg, 40, from Georgia, and Martin, 36, from Texas, entered their pleas. They appeared at a federal court in Miami. Both faced a single count of conspiracy to interfere with commerce through extortion. This charge carries a maximum penalty of 20 years in prison. Their sentencing is scheduled for March 12, 2026.
The Justice Department detailed their criminal enterprise. Goldberg and Martin leveraged their advanced cybersecurity skills. They used them for illicit gain. Their expertise was meant to defend companies. Instead, it facilitated widespread digital attacks.
The duo deployed the BlackCat ransomware. BlackCat, also known as ALPHV, is a well-known cybercriminal organization. It operates a ransomware-as-a-service (RaaS) model. This structure allows affiliates to use BlackCat’s tools. They then share a percentage of their illicit profits.
Federal prosecutors outlined the scope of their attacks. Goldberg and Martin targeted multiple U.S. companies. One victim was a medical equipment manufacturer. They extorted $1.2 million in Bitcoin from this firm. Other targets included pharmaceutical companies. Engineering firms also fell prey. Even a drone manufacturer faced their demands. The attacks occurred throughout 2023.
Both men had backgrounds in incident response. Kevin Martin and an unnamed third co-conspirator worked for DigitalMint. This company specializes in cybercrime and incident response. They served as negotiators for ransomware attacks. Ryan Goldberg managed incident response for Sygnia Cybersecurity Services. Sygnia confirmed Goldberg's immediate termination upon learning of the situation. The firm was not a target of the investigation.
The case highlights the growing threat of insider collaboration in cybercrime. Individuals with deep technical knowledge pose unique risks. Their access and understanding of defenses can be weaponized. This makes them particularly dangerous adversaries. Their actions erode trust in the cybersecurity sector.
BlackCat ransomware has a notorious history. The group is linked to major breaches. Attacks on Reddit, Bandai Namco, and MGM Resorts are attributed to them. They also targeted UnitedHealth Group last year. Following the UnitedHealth incident, BlackCat reportedly disappeared. Its exact status remains uncertain.
The FBI has actively combated BlackCat. In 2023, the bureau developed a decryption tool. This tool helped victims recover their data. It provided a critical defense against the gang’s malicious software. Federal efforts aimed to disrupt BlackCat's operations. This case demonstrates continued pursuit of their affiliates.
The indictment against Goldberg, Martin, and their accomplice came in October. It detailed their use of BlackCat ransomware. They encrypted and stole data from victims. They then demanded millions of dollars in exchange for its release. Their scheme exploited vulnerabilities across diverse industries.
This conviction sends a strong message. Cybersecurity professionals hold a position of trust. Betraying that trust carries severe legal consequences. The Justice Department remains committed to prosecuting such crimes. Protecting national infrastructure from all threats is a top priority.
The March 2026 sentencing will conclude this chapter. Both men face significant time behind bars. Their case serves as a stark warning. The fight against ransomware requires vigilance. It also demands integrity from those on the front lines of defense. The digital landscape requires constant protection. This incident reinforces that imperative.