Former Cybersecurity Experts Sentenced to 4 Years for Ransomware Attacks Using BlackCat Malware

Two former cybersecurity professionals who used their expertise to launch ransomware attacks in 2023 were each sentenced to four years in prison, the U.S. Department of Justice announced on Thursday.

Ryan Clifford Goldberg, 40, and Kevin Tyler Martin, 36, previously pleaded guilty to one of three charges brought against them in December. Both faced up to 20 years in prison for their roles in a series of ransomware attacks conducted over a six-month period in 2023.

Goldberg, who served as a manager of incident response at Sygnia, and Martin, a ransomware negotiator at DigitalMint at the time, collaborated with Angelo John Martino III to deploy ALPHV, also known as BlackCat, ransomware. The trio targeted victim computers and networks, encrypting critical systems, stealing sensitive data, and demanding ransom payments to restore access.

“These defendants exploited specialized cybersecurity knowledge not to protect victims, but to extort them. They used ransomware to lock down critical systems, steal sensitive data, and pressure American businesses into paying to regain access to their own information.”
— Jason A. Reding Quiñones, U.S. Attorney for the Southern District of Florida

The victims of their attacks included:

• A medical company based in Florida
• A pharmaceutical company based in Maryland
• A doctor’s office in California
• An engineering company based in California
• A drone manufacturer in Virginia

“They harmed important firms who were providing medical and engineering services. They played hardball with them, going so far as to cause the leak of patient data from a doctor’s office victim.”
— A. Tysen Duva, Assistant Attorney General of the Justice Department’s Criminal Division

Duva further emphasized the betrayal of trust, stating:

“These were supposed to be cybersecurity specialists who did good and helped businesses and people. Instead, they used their high-level cyber skills to feed their greed. Ransomware attackers like this should be punished and removed from society to serve their lawful sentences so they cannot harm others.”

Despite differences in their arrest circumstances, Goldberg and Martin received identical four-year sentences. Martin was arrested without incident in October 2023 and released on bond later that month. Goldberg, however, fled the country in June 2023, just 10 days after an FBI interview. He was arrested on September 22 and held without bail due to flight risk.

Goldberg and his wife boarded a one-way flight from Atlanta to Paris on June 27, 2023, and remained in Europe until his arrest on September 21. He was detained upon landing in Mexico City after flying from Amsterdam and subsequently deported to the United States.

“When Goldberg sought to flee abroad and escape prosecution, the FBI tracked him through 10 countries, demonstrating the lengths we will go to hold cyber criminals accountable and protect victims.”
— Brett Leatherman, Assistant Director of the FBI’s Cyber Division

The cases against Goldberg, Martin, and their co-conspirator Martino underscore the rare but extreme risks posed by ransomware negotiation as a practice. Unscrutinized backchannel negotiations can lead to severe consequences, as evidenced by the $1.3 million ransom payment extorted by Goldberg and Martin.