Pierluigi Paganini
May 02, 2026
Two US cybersecurity professionals, Ryan Goldberg and Kevin Martin, were sentenced to four years in prison for their role in supporting ransomware attacks. Both pleaded guilty to conspiracy involving extortion. A third individual, Angelo Martino, also admitted involvement in the scheme and is currently awaiting sentencing that is scheduled for July 9. The case highlights how even security experts can take part in cybercrime activities.
“Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, were sentenced.” reads the press release published by DoJ. “According to court documents, they and another co-conspirator, Angelo Martino, 41, of Florida, successfully deployed the ransomware known as ALPHV BlackCat between April 2023 and December 2023 against multiple victims located throughout the United States.”
In January, the two U.S. cybersecurity professionals pleaded guilty to charges tied to their roles in BlackCat/Alphv ransomware attacks that occurred in 2023.
Court records show Ryan Goldberg, Kevin Martin, and Martino deployed ALPHV BlackCat ransomware against U.S. victims from April to December 2023, sharing 20% of ransoms with operators. Despite working in cybersecurity, they extorted about $1.2M in Bitcoin from one victim, split the proceeds, and laundered the funds.
“According to court documents, Ryan Goldberg, 40, of Georgia, Kevin Martin, 36, of Texas, and another co-conspirator successfully deployed the ransomware known as ALPHV BlackCat between April 2023 and December 2023 against multiple victims located throughout the United States.” reads the press release published by DoJ. “All three men worked in the cybersecurity industry — meaning that they had special skills and experience in securing computer systems against harm, including the type of harm they themselves were committing against the victims in this case.”
In November, U.S. prosecutors charged Ryan Clifford Goldberg, Kevin Tyler Martin, and another Florida-based accomplice (aka “Co-Conspirator 1”) for using BlackCat ransomware to hack and extort five U.S. companies in 2023.
Between May and November 2023, the defendants carried out ransomware attacks on five U.S. companies, demanding different ransom sums from each target: approximately $10 million from a medical device company (which ultimately paid about $1.27 million in cryptocurrency), an unspecified amount from a Maryland-based pharmaceutical firm, $5 million from a California doctor’s office, $1 million from a California engineering company, and $300,000 from a Virginia-based drone manufacturer.
While only the medical device firm paid, the others refused.
Ryan Clifford Goldberg is a former incident response manager at cybersecurity firm Sygnia. Kevin Tyler Martin was a ransomware threat negotiator for cybersecurity firm DigitalMint at the time of the alleged conspiracy.
DigitalMint denied any misconduct, dismissed the two employees, and fully cooperated with investigators.
In October 2025, the DOJ indicted CLIFFORD GOLDBERG and KEVIN TYLER MARTIN for hacking and extortion in attacks on at least five U.S. companies.
“According to an affidavit filed in September by an FBI agent, the three men began using malicious software in May 2023 “to conduct ransomware attacks against victims,” first hitting a medical company in Florida by locking its servers and demanding $10 million to unlock the systems, court records say.” reported the Chicago Sun Times. “The FBI agent noted the men ultimately made off with $1.2 million, although it was apparently the only successful attack.”
The FBI said their scheme ran until April 2025. Goldberg admitted to helping launder $1.2M in crypto from a medical firm through mixers and wallets to hide the funds. He claimed debt drove him to join and later feared life imprisonment. After learning the FBI had raided a co-conspirator, Goldberg fled to Paris with his wife. Both he and Martin were indicted on October 2 for extortion and computer damage.
Martin pleaded not guilty, while Goldberg allegedly confessed to the FBI that he was recruited by an unnamed co-conspirator to “ransom some companies” to escape debt. The third individual has not yet been indicted.
Court documents say ALPHV BlackCat hit over 1,000 victims worldwide using a ransomware-as-a-service model. Developers built and maintained the malware and infrastructure, while affiliates targeted high-value victims. After ransom payments, proceeds were shared between developers and affiliates.
“Today’s sentencings show that ransomware criminals can operate anywhere, including right here in the United States, and that the FBI is actively working to track them down and dismantle their networks — wherever they exist,” said Assistant Director Brett Leatherman of the FBI’s Cyber Division. “Goldberg and Martin leveraged their technical skills and cyber security knowledge to extort millions from victims across the U.S., but the FBI’s global reach ensured that they ultimately faced justice. When Goldberg sought to flee abroad and escape prosecution, the FBI tracked him through 10 countries, demonstrating the lengths we will go to hold cyber criminals accountable and protect victims. The FBI thanks our DOJ partners for their help securing today’s outcome.”
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, DoJ)
Cybercrime
DoJ
Hacking
hacking news
information security news
IT Information Security
malware
Pierluigi Paganini
ransomware
Security Affairs
Security News
