BREAKING: Two cybersecurity professionals, Ryan Goldberg (40) of Georgia and Kevin Martin (36) of Texas, have just pleaded guilty in a federal court in Florida for their involvement in an extensive extortion scheme linked to the notorious ALPHV (also known as BlackCat) ransomware gang. This shocking development highlights a severe breach of trust as these men used their expertise to exploit the very systems they were hired to protect.
The plea, announced earlier this week, comes after an investigation revealed that Goldberg and Martin operated as “affiliates” for the ALPHV group throughout 2023, launching a series of targeted attacks that resulted in the theft of millions. The FBI disrupted the gang’s operations in December 2023, uncovering that the duo was responsible for extorting approximately $1.2 million in Bitcoin from a single victim—part of a larger scheme that caused losses exceeding $9.5 million across the United States.
Using a ransomware-as-a-service (RaaS) model, the ALPHV group provided the malicious tools while Goldberg and Martin identified and attacked potential victims. They paid the group a hefty cut of 20% from their ill-gotten gains, while they laundered the remaining funds through various channels to evade detection.
What makes this case even more alarming is the background of the defendants. While engaging in criminal activities, Goldberg was employed as a manager at Sygnia, a firm that assists companies in recovering from cyber incidents, and Martin worked as a negotiator at DigitalMint, helping victims handle extortion demands. This dual role provided them with insider knowledge that facilitated their criminal endeavors.
Assistant Attorney General A. Tysen Duva condemned their actions, stating that they utilized their expertise to commit crimes “they should have been working to stop.” The FBI’s Miami Field Office led the investigation that culminated in their arrest, emphasizing the serious implications of such betrayal in the cybersecurity field.
Both men now face the prospect of significant prison time, with sentencing scheduled for March 12, 2026. They have each pleaded guilty to conspiracy to affect commerce by extortion, carrying a maximum penalty of 20 years in prison.
As this case unfolds, it raises critical questions about trust and ethics in cybersecurity. The ripple effects of their actions remind us of the vulnerabilities businesses face in an increasingly digital world. Stay tuned for more updates on this developing story as authorities continue to address the growing threat of cybercrime.
