Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks

Summary

Ryan Goldberg and Kevin Martin, both cybersecurity professionals, were sentenced to four years in prison for their roles in facilitating BlackCat ransomware attacks against multiple U.S. victims between April and December 2023. The defendants conspired with Angelo Martino to access the ALPHV/BlackCat ransomware-as-a-service platform in exchange for a 20% cut of ransom proceeds, successfully extorting at least $1.2 million from one victim. Martino, a negotiator employed by DigitalMint, additionally abused his position by sharing victim insurance policy information with BlackCat operators to inflate ransom demands.

Full text

Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks Ravie LakshmananMay 01, 2026Data Breach / Law Enforcement The U.S. Department of Justice (DoJ) on Thursday announced the sentencing of two cybersecurity professionals to four years each in prison for their role in facilitating BlackCat ransomware attacks in 2023. Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, were accused of deploying the ransomware against multiple victims located throughout the U.S. between April and December 2023. The two defendants, who pleaded guilty to their crimes in December 2025, conspired with Angelo Martino, 41, of Florida, to conduct the attacks. "The three men agreed to pay the ALPHV BlackCat administrators a 20% share of any ransoms received in exchange for access to the ransomware and ALPHV/BlackCat's extortion platform," the DoJ said. "All three men worked in the cybersecurity industry – meaning that they had special skills and experience in securing computer systems against harm, including the type of harm they themselves were committing against the victims in this case." In one case, the defendants are said to have successfully extorted a victim for approximately $1.2 million in Bitcoin, splitting their 80% share three ways and subsequently laundering the funds to cover up the tracks. Although the BlackCat ransomware-as-a-service (RaaS) scheme no longer exists, the group is estimated to have targeted the computer networks of more than 1,000 victims around the world. The development comes a week after Martino pleaded guilty to the same crime, and is scheduled to be sentenced in July 2026. In addition, Martino is said to have abused his role as a negotiator to extract higher payouts from victims by sharing confidential information about their insurance policy limits with the BlackCat operators. Martino and Martin worked for DigitalMint, while Goldberg was employed as an incident response manager for cybersecurity company Sygnia. "These defendants exploited specialized cybersecurity knowledge not to protect victims, but to extort them," said U.S. Attorney Jason A. Reding Quiñones for the Southern District of Florida. "They used ransomware to lock down critical systems, steal sensitive data, and pressure American businesses into paying to regain access to their own information." Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share Share SHARE  Bitcoin, Cybercrime, cybersecurity, data breach, digital forensics, Incident response, insider threat, law enforcement, Malware, ransomware ⚡ Top Stories This Week Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain Apple Fixes iOS Flaw That Let FBI Recover Deleted Signal Messages Vercel Finds More Compromised Accounts in Context.ai-Linked Breach ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software ⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking and More Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202 Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately ⭐ Featured Resources Discover Key AI Security Gaps CISOs Face in 2026 Fix Rising Application Security Risks Driven by AI Development Automate Alert Triage and Investigations Across Every Threat How to Identify Risky Browser Extensions in Your Organization

Indicators of Compromise

• malware — BlackCat
• malware — ALPHV

Entities