{"id":174117,"date":"2026-01-02T17:37:00","date_gmt":"2026-01-02T22:37:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/02\/two-u-s-cybersecurity-professionals-plead-guilty-in-blackcat-alphv-ransomware-case\/"},"modified":"2026-01-02T18:00:11","modified_gmt":"2026-01-02T23:00:11","slug":"two-u-s-cybersecurity-professionals-plead-guilty-in-blackcat-alphv-ransomware-case","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/02\/two-u-s-cybersecurity-professionals-plead-guilty-in-blackcat-alphv-ransomware-case\/","title":{"rendered":"Two U.S. cybersecurity professionals plead guilty in BlackCat\/Alphv ransomware case"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/186446\/cyber-crime\/two-u-s-cybersecurity-professionals-plead-guilty-in-blackcat-alphv-ransomware-case.html\">Two U.S. cybersecurity professionals plead guilty in BlackCat\/Alphv ransomware case<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/186446\/cyber-crime\/two-u-s-cybersecurity-professionals-plead-guilty-in-blackcat-alphv-ransomware-case.html\">https:\/\/securityaffairs.com\/186446\/cyber-crime\/two-u-s-cybersecurity-professionals-plead-guilty-in-blackcat-alphv-ransomware-case.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-02 17:37:00<\/a><\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p>Two U.S. cybersecurity professionals plead guilty in BlackCat\/Alphv ransomware case<\/p>\n<p>Pierluigi Paganini<br \/>\nJanuary 02, 2026<\/p>\n<p>Two U.S. cybersecurity professionals pleaded guilty to charges tied to their roles in BlackCat\/Alphv ransomware attacks.<\/p>\n<p>The U.S. 
cybersecurity professionals Ryan Goldberg and Kevin Martin pleaded guilty to charges tied to their roles in BlackCat\/Alphv ransomware attacks that occurred in 2023.<\/p>\n<p>Court records show Ryan Goldberg, Kevin Martin, and a co-conspirator deployed ALPHV BlackCat ransomware against U.S. victims from April to December 2023, sharing 20% of ransoms with operators. Despite working in cybersecurity, they extorted about $1.2M in Bitcoin from one victim, split the proceeds, and laundered the funds.<\/p>\n<p>\u201cAccording to court documents, Ryan Goldberg, 40, of Georgia, Kevin Martin, 36, of Texas, and another co-conspirator successfully deployed the ransomware known as ALPHV BlackCat between April 2023 and December 2023 against multiple victims located throughout the United States.\u201d reads the press release published by DoJ. \u201cAll three men worked in the cybersecurity industry \u2014 meaning that they had special skills and experience in securing computer systems against harm, including the type of harm they themselves were committing against the victims in this case.\u201d<\/p>\n<p>In November, U.S. prosecutors charged Ryan Clifford Goldberg, Kevin Tyler Martin, and another Florida-based accomplice (aka \u201cCo-Conspirator 1\u201d) for using\u00a0BlackCat ransomware\u00a0to hack and extort five U.S. companies in 2023.<\/p>\n<p>Between May and November 2023, the defendants carried out ransomware attacks on five U.S. 
companies, demanding different ransom sums from each target: approximately $10 million from a medical device company (which ultimately paid about $1.27 million in cryptocurrency), an unspecified amount from a Maryland-based pharmaceutical firm, $5 million from a California doctor\u2019s office, $1 million from a California engineering company, and $300,000 from a Virginia-based drone manufacturer.<\/p>\n<p>While only the medical device firm paid, the others refused.<\/p>\n<p>Ryan Clifford Goldberg is a former incident response manager at cybersecurity firm Sygnia. Kevin Tyler Martin was a ransomware threat negotiator for cybersecurity firm DigitalMint at the time of the alleged conspiracy, while a suspected accomplice who wasn\u2019t indicted was also employed at the same company.<\/p>\n<p>DigitalMint denied any misconduct, dismissed the two employees, and fully cooperated with investigators.<\/p>\n<p>In October, the DOJ indicted CLIFFORD GOLDBERG and KEVIN TYLER MARTIN for hacking and extortion in attacks on at least five U.S. companies.<\/p>\n<p>\u201cAccording to an\u00a0affidavit filed in September by an FBI agent, the three men began using malicious software in May 2023 \u201cto conduct ransomware attacks against victims,\u201d first hitting a medical company in Florida by locking its servers and demanding $10 million to unlock the systems, court records say.\u201d\u00a0reported\u00a0the Chicago Sun Times. \u201cThe FBI agent noted the men ultimately made off with $1.2 million, although it was apparently the only successful attack.\u201d<\/p>\n<p>In October, the Department of Justice\u00a0indicted\u00a0Kevin Tyler Martin and another unnamed employee, who both worked as ransomware negotiators at DigitalMint, with three counts of computer hacking and extortion related to a series of attempted ransomware attacks against at least five U.S.-based companies.<\/p>\n<p>The FBI said their scheme ran until April 2025. 
Goldberg admitted helping launder $1.2M in crypto from a medical firm through mixers and wallets to hide the funds. He claimed debt drove him to join and later feared life imprisonment. After learning the FBI raided a co-conspirator, Goldberg fled to Paris with his wife. Both he and Martin were indicted on October 2 for extortion and computer damage.<\/p>\n<p>Martin pleaded not guilty, while Goldberg allegedly confessed to the FBI that he was recruited by an unnamed co-conspirator to \u201cransom some companies\u201d to escape debt. The third individual has not yet been indicted.<\/p>\n<p>Goldberg and Martin face extortion and cybercrime charges that could lead to sentences of up to 50 years in federal prison.<\/p>\n<p>Court documents say ALPHV BlackCat hit over 1,000 victims worldwide using a ransomware-as-a-service model. Developers built and maintained the malware and infrastructure, while affiliates targeted high-value victims. After ransom payments, proceeds were shared between developers and affiliates.<\/p>\n<p>\u201cMalware like ALPHV (BlackCat) ransomware is used by bad actors to steal, extort, and launder proceeds from victim businesses and organizations,\u201d said Special Agent in Charge Brett Skiles of the FBI Miami Field Office. \u201cThe FBI remains committed to working alongside its law enforcement partners to disrupt and dismantle criminal enterprises involved in ransomware attacks and to hold accountable not only the perpetrators but also anyone who knowingly enables or profits from them. We will continue to leverage our intelligence, law enforcement tools, global presence, and partnerships to counter cybercriminals who seek to harm the American public through these insidious attacks. 
We strongly encourage businesses to exercise due diligence when engaging third parties for ransomware incident response, report suspicious or unethical behavior, and to expeditiously report any ransomware attack to the FBI and our law enforcement partners to safeguard their security and privacy.\u201d<\/p>\n<p>Pierluigi\u00a0Paganini<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Two U.S. cybersecurity professionals plead guilty in BlackCat\/Alphv ransomware case https:\/\/securityaffairs.com\/186446\/cyber-crime\/two-u-s-cybersecurity-professionals-plead-guilty-in-blackcat-alphv-ransomware-case.html Publish Date: 2026-01-02 17:37:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":174118,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2015\/03\/DoJ.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,32],"class_list":["post-174117","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-malware"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/174117"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=174117"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/1741
17\/revisions"}],"predecessor-version":[{"id":174119,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/174117\/revisions\/174119"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/174118"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=174117"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=174117"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=174117"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}