Ex-Ransomware Negotiators Accused of Targeting US Firms

Summary
– Two cybersecurity professionals were indicted for conspiring with the ALPHV/BlackCat ransomware group to attack US companies and extort money.
– The defendants are Ryan Clifford Goldberg, an incident response manager, and Kevin Tyler Martin, a ransomware negotiator, along with an unnamed third person from Florida.
– They face charges including conspiracy to interfere with interstate commerce by extortion and intentional damage to a protected computer.
– The group allegedly targeted at least five organizations between May 2023 and April 2025, with one victim paying approximately $1.27 million in cryptocurrency.
– Other victims included companies in Maryland, California, and Virginia. Law enforcement previously seized ALPHV/BlackCat leak sites and provided a decryptor to victims.
A federal indictment in Florida has charged two cybersecurity professionals, formerly employed as ransomware negotiators, with conspiring to deploy the notorious ALPHV/BlackCat ransomware against American companies. The case alleges that these individuals, who were supposed to help victims, instead secretly partnered with the cybercriminals they were meant to combat. The scheme reportedly led to the extortion of nearly $1.3 million from a single victim.
The unsealed indictment from the Southern District of Florida names Ryan Clifford Goldberg of Watkinsville, Georgia, and Kevin Tyler Martin of Roanoke, Texas. They face serious charges including conspiracy to interfere with interstate commerce by extortion and intentional damage to a protected computer. At the time of the alleged crimes, Goldberg held a position as an incident response manager with Sygnia Cybersecurity Services. Martin worked as a ransomware threat negotiator for DigitalMint, a company that specializes in helping victims negotiate and pay ransoms using cryptocurrency.
Authorities identified a third, unnamed individual from Land O’Lakes, Florida, who was also involved in the attacks. This person was similarly employed as a ransomware threat negotiator at DigitalMint. The indictment details a conspiracy that unfolded between May 2023 and April 2025, during which the trio is accused of collaborating with the ALPHV/BlackCat ransomware group to infiltrate and extort a minimum of five victim organizations.
The attacks involved demands for multimillion-dollar ransoms. In one particularly damaging instance, a medical device manufacturer based in Tampa paid approximately $1.27 million in cryptocurrency to recover access to its servers, which had been completely encrypted by the attackers. Other companies targeted in the scheme were located in Maryland, California, and Virginia, highlighting the widespread nature of the criminal operation.
This case emerges against a backdrop of significant law enforcement action against the ALPHV/BlackCat syndicate. In late 2023, authorities successfully seized the group’s leak sites and provided a decryption tool to assist victims. The ransomware gang, which operated a ransomware-as-a-service model, later gained further notoriety after executing an exit scam following a major attack on Change Healthcare in the United States.
(Source: HelpNet Security)



