Two former cybersecurity firm employees, one of whom specialized in ransomware negotiations, have admitted guilt in connection with a series of ransomware attacks conducted in 2023. The Department of Justice confirmed these guilty pleas, stating that Ryan Goldberg (40) and Kevin Martin (36) successfully extorted $1.2 million in Bitcoin from a medical device company, in addition to targeting several other entities.
Goldberg, Martin, and an unidentified accomplice faced indictment for these attacks in October. Their method involved deploying ALPHV / BlackCat ransomware to encrypt and exfiltrate data from their targets. Reports from the Chicago Sun-Times indicated that Martin and the third individual served as ransomware negotiators for Digital Mint, a company focused on cybercrime and incident response. Goldberg, meanwhile, held the position of incident response manager at Sygnia Cybersecurity Services.
The ALPHV / BlackCat group operates a ransomware-as-a-service (RaaS) model. In this structure, the malware’s developers typically receive a portion of the illicitly obtained funds from the cybercriminals who utilize their tools to attack victims. In 2023, the FBI created a decryption tool to help recover data for ALPHV / BlackCat victims. This group has been associated with significant attacks against organizations such as Bandai Namco, MGM Resorts, Reddit, and UnitedHealth Group.
According to the DOJ’s indictment, Goldberg, Martin, and their co-conspirator employed the ransomware in an effort to extort millions of dollars from various US-based victims. These targets included a pharmaceutical firm, a medical practice, an engineering company, and a drone manufacturer.
Assistant Attorney General A. Tysen Duva of the DOJ’s Criminal Division commented on the case, stating that the defendants leveraged their advanced cybersecurity training and expertise to execute ransomware attacks, a type of crime they were professionally obligated to prevent. Duva emphasized the Department of Justice’s dedication to utilizing all available resources to identify and apprehend ransomware perpetrators within its jurisdiction.
Both Goldberg and Martin entered guilty pleas to a single charge of “conspiracy to obstruct, delay, or affect commerce or the movement of any article or commodity in commerce by extortion.” Their sentencing is slated for March 12th, 2026, at which point they could each receive a prison sentence of up to 20 years.
