{"id":208044,"date":"2026-05-02T11:43:00","date_gmt":"2026-05-02T15:43:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/02\/two-us-cybersecurity-experts-sentenced-in-ransomware-case-third-awaits-july-ruling\/"},"modified":"2026-05-02T12:15:10","modified_gmt":"2026-05-02T16:15:10","slug":"two-us-cybersecurity-experts-sentenced-in-ransomware-case-third-awaits-july-ruling","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/02\/two-us-cybersecurity-experts-sentenced-in-ransomware-case-third-awaits-july-ruling\/","title":{"rendered":"Two US cybersecurity experts sentenced in ransomware case, third awaits July ruling"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/191591\/cyber-crime\/two-us-cybersecurity-experts-sentenced-in-ransomware-case-third-awaits-july-ruling.html\">Two US cybersecurity experts sentenced in ransomware case, third awaits July ruling<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/191591\/cyber-crime\/two-us-cybersecurity-experts-sentenced-in-ransomware-case-third-awaits-july-ruling.html\">https:\/\/securityaffairs.com\/191591\/cyber-crime\/two-us-cybersecurity-experts-sentenced-in-ransomware-case-third-awaits-july-ruling.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-02 11:43:00<\/a><\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>\t\t\t\t\t\t\tTwo US cybersecurity experts sentenced in ransomware case, third awaits July ruling<\/p>\n<p>\t\t\t\t\t\t\t Pierluigi Paganini<br \/>\n\t\t\t\t\t\t\t May 02, 2026<\/p>\n<p>Two US security experts were sentenced to 4 years for helping ransomware attacks. A third accomplice pleaded guilty and awaits sentencing.<\/p>\n<p>Two US cybersecurity professionals, Ryan Goldberg and Kevin Martin, were sentenced to four years in prison for their role in supporting ransomware attacks. Both pleaded guilty to conspiracy involving extortion. A third individual, Angelo Martino, also admitted involvement in the scheme and is currently awaiting sentencing that is scheduled for July 9. The case highlights how even security experts can take part in cybercrime activities.<\/p>\n<p>\u201cRyan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, were sentenced.\u201d reads the press release published by DoJ. \u201cAccording to court documents, they and another co-conspirator, Angelo Martino, 41, of Florida, successfully deployed the ransomware known as ALPHV BlackCat between April 2023 and December 2023 against multiple victims located throughout the United States.\u201d<\/p>\n<p>In January, the two U.S. cybersecurity professionals\u00a0pleaded guilty to charges tied to their roles in\u00a0BlackCat\/Alphv\u00a0ransomware attacks that occurred in 2023.<\/p>\n<p>Court records show Ryan Goldberg, Kevin Martin, and Martino deployed ALPHV BlackCat ransomware against U.S. victims from April to December 2023, sharing 20% of ransoms with operators. Despite working in cybersecurity, they extorted about $1.2M in Bitcoin from one victim, split the proceeds, and laundered the funds.<\/p>\n<p>\u201cAccording to court documents, Ryan Goldberg, 40, of Georgia, Kevin Martin, 36, of Texas, and another co-conspirator successfully deployed the ransomware known as ALPHV BlackCat between April 2023 and December 2023 against multiple victims located throughout the United States.\u201d reads the\u00a0press release\u00a0published by DoJ. \u201cAll three men worked in the cybersecurity industry \u2014 meaning that they had special skills and experience in securing computer systems against harm, including the type of harm they themselves were committing against the victims in this case.\u201d<\/p>\n<p>In November, U.S. prosecutors charged Ryan Clifford Goldberg, Kevin Tyler Martin, and another Florida-based accomplice (aka \u201cCo-Conspirator 1\u201d) for using\u00a0BlackCat ransomware\u00a0to hack and extort five U.S. companies in 2023.<\/p>\n<p>Between May and November 2023, the defendants carried out ransomware attacks on five U.S. companies, demanding different ransom sums from each target: approximately $10 million from a medical device company (which ultimately paid about $1.27 million in cryptocurrency), an unspecified amount from a Maryland-based pharmaceutical firm, $5 million from a California doctor\u2019s office, $1 million from a California engineering company, and $300,000 from a Virginia-based drone manufacturer.<\/p>\n<p>While only the medical device firm paid, the others refused.<\/p>\n<p>Ryan Clifford Goldberg is a former incident response manager at cybersecurity firm Sygnia. Kevin Tyler Martin was a ransomware threat negotiator for cybersecurity firm DigitalMint at the time of the alleged conspiracy.<\/p>\n<p>DigitalMint denied any misconduct, dismissed the two employees, and fully cooperated with investigators.<\/p>\n<p>In October 2025, the DOJ indicted CLIFFORD GOLDBERG and KEVIN TYLER MARTIN for hacking and extortion in attacks on at least five U.S. companies.<\/p>\n<p>\u201cAccording to an\u00a0affidavit filed in September by an FBI agent, the three men began using malicious software in May 2023 \u201cto conduct ransomware attacks against victims,\u201d first hitting a medical company in Florida by locking its servers and demanding $10 million to unlock the systems, court records say.\u201d\u00a0reported\u00a0the Chicago Sun Times. \u201cThe FBI agent noted the men ultimately made off with $1.2 million, although it was apparently the only successful attack.\u201d<\/p>\n<p>The FBI said their scheme ran until April 2025. Goldberg admitted to helping launder $1.2M in crypto from a medical firm through mixers and wallets to hide the funds. He claimed debt drove him to join and later feared life imprisonment. After learning the FBI had raided a co-conspirator, Goldberg fled to Paris with his wife. Both he and Martin were indicted on October 2 for extortion and computer damage.<\/p>\n<p>Martin pleaded not guilty, while Goldberg allegedly confessed to the FBI that he was recruited by an unnamed co-conspirator to \u201cransom some companies\u201d to escape debt. The third individual has not yet been indicted.<\/p>\n<p>Court documents say ALPHV BlackCat hit over 1,000 victims worldwide using a ransomware-as-a-service model. Developers built and maintained the malware and infrastructure, while affiliates targeted high-value victims. After ransom payments, proceeds were shared between developers and affiliates.<\/p>\n<p>\u201cToday\u2019s sentencings show that ransomware criminals can operate anywhere, including right here in the United States, and that the FBI is actively working to track them down and dismantle their networks \u2014 wherever they exist,\u201d said Assistant Director Brett Leatherman of the FBI\u2019s Cyber Division. \u201cGoldberg and Martin leveraged their technical skills and cyber security knowledge to extort millions from victims across the U.S., but the FBI\u2019s global reach ensured that they ultimately faced justice. When Goldberg sought to flee abroad and escape prosecution, the FBI tracked him through 10 countries, demonstrating the lengths we will go to hold cyber criminals accountable and protect victims. The FBI thanks our DOJ partners for their help securing today\u2019s outcome.\u201d\u00a0<\/p>\n<p>Follow me on Twitter:\u00a0@securityaffairs\u00a0and\u00a0Facebook\u00a0and\u00a0Mastodon<\/p>\n<p>Pierluigi\u00a0Paganini<\/p>\n<p>(SecurityAffairs\u00a0\u2013\u00a0hacking,\u00a0DoJ)<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Two US cybersecurity experts sentenced in ransomware case, third awaits July ruling https:\/\/securityaffairs.com\/191591\/cyber-crime\/two-us-cybersecurity-experts-sentenced-in-ransomware-case-third-awaits-july-ruling.html Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":208045,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2015\/03\/DoJ.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,32],"class_list":["post-208044","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-malware"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/208044"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=208044"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/208044\/revisions"}],"predecessor-version":[{"id":208046,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/208044\/revisions\/208046"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/208045"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=208044"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=208044"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=208044"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}