Two Cybersecurity Workers Jailed for BlackCat Ransomware Attacks
▼ Summary
– Two US cybersecurity workers, Ryan Goldberg and Kevin Martin, were sentenced to four years in prison for facilitating BlackCat ransomware attacks in 2023.
– The men pleaded guilty in December 2025 and worked with a third accomplice, Angelo Martino, who pleaded guilty in April and will be sentenced in July.
– Goldberg and Martin paid BlackCat administrators a 20% share of ransom payments, splitting the remaining 80% among themselves.
– In one attack, they received a $1.2 million Bitcoin ransom; in another, they leaked patient data from a healthcare victim.
– Prosecutors condemned them for using their cybersecurity skills to commit the harm they were supposed to prevent.
Two American cybersecurity professionals have been sentenced to federal prison for their involvement in BlackCat ransomware attacks that targeted multiple organizations across the United States.
Ryan Goldberg, 40, from Georgia, and Kevin Martin, 36, from Texas, each received a four-year prison sentence for their roles in facilitating ransomware campaigns during 2023, according to an April 30 statement from the U. S. Department of Justice. Both men pleaded guilty to the charges in December 2025.
The pair collaborated with Angelo Martino, 41, of Florida, who pleaded guilty on April 20 to working with BlackCat. Martino, a former ransomware negotiator, is scheduled for sentencing in July.
The BlackCat ransomware group, also known as ALPHV, first appeared in 2021. From 2022 through 2024, it ranked among the most aggressive and notorious ransomware operations, targeting victims worldwide. Attackers frequently demanded millions in ransom payments for decryption keys. The group also employed double-extortion tactics, leaking stolen data from victims who declined to pay.
According to court documents, Goldberg and Martin helped launch ransomware attacks against a variety of victims and funneled 20% of any ransom payments they received to BlackCat administrators.
In one incident, Goldberg, Martin, and Martino collected a Bitcoin ransom worth $1.2 million. They gave 20% to BlackCat and split the remaining 80% among themselves. In another attack, the former cybersecurity workers leaked patient data from a healthcare industry victim.
Prosecutors condemned the men for using the specialized skills they had gained in the cybersecurity field to actively commit the very crimes they were supposed to prevent.
“These were supposed to be cybersecurity specialists who did good and helped businesses and people. Instead, they used their high-level cyber skills to feed their greed,” said Assistant Attorney General A. Tysen Duva of the U. S. Justice Department. “Ransomware attackers like this should be punished and removed from society to serve their lawful sentences so they cannot harm others.”
Before being apprehended by the FBI, Goldberg attempted to flee. Agents tracked him across ten countries before capturing him.
“Today’s sentencings show that ransomware criminals can operate anywhere, including right here in the United States, and that the FBI is actively working to track them down and dismantle their networks , wherever they exist,” said Assistant Director Brett Leatherman of the FBI’s cyber division. “Goldberg and Martin leveraged their technical skills and cyber security knowledge to extort millions from victims across the U. S., but the FBI’s global reach ensured that they ultimately faced justice.”
(Source: Infosecurity Magazine)