Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks
Source: The Hacker News
Sentencing of Two Cybersecurity Professionals
The U.S. Department of Justice announced that two cybersecurity professionals have each been sentenced to four years in prison for facilitating BlackCat ransomware attacks in 2023.
Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, were accused of deploying the ransomware against multiple victims across the United States between April and December 2023. The defendants pleaded guilty in December 2025 and conspired with Angelo Martino, 41, of Florida, to conduct the attacks.
“The three men agreed to pay the ALPHV BlackCat administrators a 20% share of any ransoms received in exchange for access to the ransomware and ALPHV/BlackCat’s extortion platform,” the DOJ said.
”All three men worked in the cybersecurity industry – meaning that they had special skills and experience in securing computer systems against harm, including the type of harm they themselves were committing against the victims in this case.”
In one case, the defendants successfully extorted a victim for approximately $1.2 million in Bitcoin, splitting their 80% share three ways and subsequently laundering the funds to conceal the trail.
Although the BlackCat ransomware‑as‑a‑service (RaaS) scheme no longer exists, the group is estimated to have targeted the computer networks of more than 1,000 victims worldwide.
The development follows a week after Martino pleaded guilty to the same crime and is scheduled to be sentenced in July 2026. Martino allegedly abused his role as a negotiator to extract higher payouts from victims by sharing confidential information about their insurance policy limits with the BlackCat operators.
- Martino and Martin worked for DigitalMint.
- Goldberg was employed as an incident response manager for the cybersecurity company Sygnia.
“These defendants exploited specialized cybersecurity knowledge not to protect victims, but to extort them,” said U.S. Attorney Jason A. Reding Quiñones for the Southern District of Florida. “They used ransomware to lock down critical systems, steal sensitive data, and pressure American businesses into paying to regain access to their own information.”