American cybersecurity pros guilty of ALPHV/BlackCat ransomware attacks

A federal judge on Monday accepted the guilty pleas of two American "cybersecurity professionals-turned-affiliates" of the ALPHV/BlackCat ransomware gang, who carried out multiple attacks and raked in millions.
- Two American security professionals pleaded guilty to ALPHV/BlackCat attacks, extorting victims including a medical device company for a $1.2M ransom.
- The accused leveraged their incident response expertise to deploy BlackCat malware, splitting proceeds with the Russian-linked gang through sophisticated money laundering schemes.
- The duo faces maximum 20-year penalties and a fine of up to $250,000, to be determined at a March 2026 sentencing.

Initially pleading guilty in Southern Florida’s federal district court on December 18th, the accused are identified as:
- Ryan Goldberg, 40, of Georgia – worked as an incident response supervisor at Sygnia, an Israeli-owned cybersecurity firm
- Kevin Martin, 36, of Texas – worked as a ransomware threat negotiator at DigitalMint, a Chicago-based threat intel and incident response company
FBI officials say the two specifically admitted to hacking a medical device company using the ALPHV/BlackCat ransomware and then extorting the company for a $1.2 million ransom demand in 2023, among others.
The duo – along with an unnamed co-conspirator who also worked at DigitalMint but is not charged – were said to have “successfully deployed the ransomware known as ALPHV BlackCat between April 2023 and December 2023 against multiple victims located throughout the United States.”
“These defendants used their sophisticated cybersecurity training and experience to commit ransomware attacks – the very type of crime that they should have been working to stop,” said Asst. Attorney General A. Tysen Duva of the DoJ’s Criminal Division.
Court records show Goldberg and Martin admitted involvement in four additional extortion attempts between May and November 2023 that failed to secure ransom payments.
These included ransoming a Maryland-based pharmaceutical company, a California doctor’s office for $5 million, a California engineering firm for $1 million, and a Virginia drone manufacturer for $300,000.
Both Sygnia and DigitalMint said the defendants were no longer employed, emphasizing their cooperation with law enforcement.
ALPHV/BlackCat fed off affiliates
During its heyday, ALPHV/BlackCat was known to operate under a ransomware-as-a-service model.
ALPHV would offer its “affiliates” access to its stealthy BlackCat 2.0 ransomware and supporting infrastructure in exchange for a cut of the crypto generated from attacks.
Investigators say all three men agreed to pay the ALPHV administrators a 20% share of any ransom made using the Russian-linked gang’s signature variant.
In the case of the medical device company, the trio was said to have split the $1.2 million in proceeds three ways, laundering the funds through various means.
Coincidentally, during the same December 2023 timeframe, the FBI seized ALPHV/BlackCat’s darknet website, kicking off a year-long cat-and-mouse game with the agency – eventually ending with the notorious gang abruptly exiting the stage the following December.
In a nutshell, ALPHV allegedly closed up shop, pocketing a $22 million ransom paid by the gang’s latest victim, UnitedHealth Group’s Change Healthcare, that was meant to be shared with several now-disgruntled affiliates – including the infamous M&S hackers, Scattered Spider.
Rumors soon began to swirl that the ransomware cartel may have faked its own takedown as part of a “classic ransomware exit scam” to rebrand under a different name when law enforcement is bearing down. Either way, the MGM hackers have not been heard of since.
It’s unknown whether the accused were among those abandoned affiliates.
According to court documents, ALPHV/BlackCat is said to have targeted the computer networks of more than 1,000 victims worldwide during its existence. At one point, the FBI issued a $15 million reward for information leading to the capture of any members of the group.
Goldberg and Martin each pleaded guilty to conspiring to extort others by interfering with interstate commerce, a federal crime under US law, according to Monday’s announcement.
Sentencing for both men is set for March 12th, 2026. They each face a maximum penalty of 20 years in prison.
As part of its December takedown, the FBI released a decrypter tool to help at least 500 victims restore their previously encrypted networks, saving them tens of millions in ransom payments.