Two former cybersecurity professionals who used their insider knowledge to carry out ransomware attacks will serve four years in prison.
Key takeaways
- Two U.S. cybersecurity professionals were sentenced to four years in prison for BlackCat ransomware attacks
- The attackers were trusted industry insiders, including an incident responder and a ransom negotiator
- They operated as affiliates in a ransomware-as-a-service (RaaS) scheme, sharing profits with the ALPHV/BlackCat gang
- At least one victim paid $1.2 million in Bitcoin, which was later laundered
- A third co-conspirator is still awaiting sentencing
From defenders to attackers
The U.S. Department of Justice announced that Ryan Goldberg, 40, and Kevin Martin, 36, were sentenced to four years in prison each for their role in ransomware attacks carried out in 2023.
The two weren’t typical cybercriminals. Both worked in cybersecurity roles at the time—positions designed to helping organizations respond to exactly this type of threat.
Goldberg served as an incident response manager, while Martin worked as a ransomware negotiator—placing them in direct contact with victims during high-stakes breaches.
Instead of protecting organizations, they leveraged that expertise to attack them.
According to court documents, the pair partnered with the ALPHV/BlackCat ransomware group, one of the most notorious ransomware-as-a-service (RaaS) operations.
Their arrangement followed a familiar RaaS model:
- They gained access to the ransomware platform and infrastructure
- In return, they paid 20% of ransom proceeds to the operators
- They handled the actual intrusions, encryption, and extortion
Between April and December 2023, the group targeted multiple U.S. organizations across sectors. In at least one case, they extorted $1.2 million in Bitcoin, which they later split and laundered.
The broader ALPHV/BlackCat operation targeted over 1,000 victims worldwide, making it one of the most harmful ransomware groups of recent years, the US Department of Justice said in a press release:
According to court documents, ALPHV BlackCat targeted the computer networks of more than 1,000 victims around the world. The group used a ransomware-as-a-service model in which developers were responsible for creating and updating ransomware and for maintaining the illicit internet infrastructure. Affiliates were responsible for identifying and attacking high-value victim institutions with the ransomware. After a victim paid, developers and affiliates shared the ransom.
Abuse of trust at the worst possible moment
What makes this case particularly troubling is the attackers’ access to sensitive information. One co-conspirator, Angelo Martino, 41, of Florida, who is still awaiting sentencing, allegedly used his role as a ransomware negotiator to share confidential victim data with attackers, increasing pressure on victims to pay.
As reported last month, between April and November 2023, Martino acted as a negotiator for multiple ransomware victims. During that time, he allegedly leaked highly sensitive information to the attackers, including insurance coverage limits and internal negotiation strategies.
In a statement, Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division emphasized the betrayal:
These were supposed to be cybersecurity specialists who did good and helped businesses and people. Instead, they used their high-level cyber skills to feed their greed. This isn’t just cybercrime—it’s a breakdown of trust within the cybersecurity ecosystem itself.
This intelligence allegedly allowed the operation to fine-tune its demands and extract higher ransoms. In some cases, Martino allegedly participated in the actual deployment of malware onto victim’s computer networks.
Guilty pleas
In December 2025, Goldberg and Martin each pleaded guilty to one count of conspiracy to obstruct, delay or affect commerce or the movement of any article or commodity in commerce by extortion.
Last month, co-conspirator Angelo Martino also pleaded guilty to his role in the conspiracy.
“In addition to conspiring with Goldberg and Martin to attack victims with ransomware, Martino also abused his role as a negotiator for victims of ransomware by sharing confidential victim information with threat actors to increase the value of the ransom paid,” the DOJ said.
Because of his deeper involvement in the scheme, Martino could face a higher sentence. His sentencing is set for July 9.
The sentencing follows broader efforts by U.S. authorities to disrupt BlackCat. In 2023, the FBI seized infrastructure and released a decryption tool that helped victims recover systems and avoid an estimated $99 million in ransom payments.
You may also like to read:
Ransomware ‘Negotiator’ Faces 20 Years in Prison for Allegedly Betraying His Employers
Global Scam Crackdown: 276 Arrested, Crypto Fraud Networks Dismantled
FBI: Cybercrime Losses Hit a Record $21 Billion Last Year, Fueled by AI
