Cybersecurity experts face 20 years in prison following ransomware campaign

Two US cybersecurity experts have pleaded guilty to using ALPHV BlackCat ransomware to extort businesses across the USA during a seven-month campaign in 2023.

40-year-old Ryan Goldberg of Georgia and 36-year-old Kevin Martin of Texas, admitted conspiring to obstruct, delay, or affect commerce through extortion in a federal district court in the Southern District of Florida.

Goldberg was an incident response manager at the time he and Martin, as well as one other unnamed individual, turned their skills to nefarious activities. Martin, meanwhile, was a ransomware threat negotiator.

Their campaign, which ran from April to December 2023, saw the trio turn to ALPHV BlackCat ransomware as a service operators, who they agreed to pay 20% share of any ransoms received in exchange for access to the ransomware and extortion platform

They then successfully used the malware against numerous US targets, including a pharmaceutical company based in Maryland, an engineering company based in California, a drone manufacturer in Virginia, and a medical company from Florida, where the case was heard.

One victim paid the equivalent of $1.2 million in Bitcoin in order to put an end to the attack, with the proceeds split three ways between the conspirators after they had given the ALPHV BlackCat administrators their cut.

Assistant attorney general A. Tysen Duva of the Justice Department’s Criminal Division said: “These defendants used their sophisticated cybersecurity training and experience to commit ransomware attacks — the very type of crime that they should have been working to stop.”

Millions of dollars saved following ransomware disruption

ALPHV BlackCat was active for 18 months before the FBI developed a decryption tool for the ransomware, extorting millions of dollars from businesses primarily in the US before going dark in December 2023. The law enforcement agency estimates it saved victims in the order of $99 million in ransomware payments.

“The FBI remains committed to working alongside its law enforcement partners to disrupt and dismantle criminal enterprises involved in ransomware attacks and to hold accountable not only the perpetrators but also anyone who knowingly enables or profits from them,” said special agent in charge Brett Skiles of the FBI Miami Field Office.

US attorney Jason A Reding Quiñones, representing the Southern District of Florida, said: “Goldberg and Martin used trusted access and technical skill to extort American victims and profit from digital coercion.”

“Their guilty pleas make clear that cybercriminals operating from within the United States will be found, prosecuted, and held to account,” he added.

The pair are set to be sentenced on 12 March 2026 and face a maximum penalty of 20 years in prison.