Two cybersecurity pros get 4 years for BlackCat ransomware
Ryan Goldberg and Kevin Martin were sentenced to four years for aiding 2023 BlackCat ransomware attacks that extorted U.S. victims, including about $1.2 million in Bitcoin, the DOJ said.
The U.S. Department of Justice announced Thursday that Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, each received four-year prison terms for helping deploy ALPHV/BlackCat ransomware against multiple U.S. victims between April and December 2023. Both men pleaded guilty in December 2025 and were sentenced after cooperating with prosecutors.
According to the department, the two conspired with Angelo Martino, 41, of Florida, to access BlackCat’s extortion platform. The defendants paid BlackCat administrators a 20% fee for use of the ransomware and the group’s negotiation tools, and kept the remaining 80% of ransom payments for themselves.
Prosecutors say the three split roughly $1.2 million in Bitcoin after extorting one victim and then moved the funds through cryptocurrency transactions to hide the proceeds. Martino pleaded guilty last week and is scheduled for sentencing in July 2026. Authorities allege Martino used his role as a negotiator to increase payouts by sharing victims’ insurance limits with BlackCat operators.
Goldberg worked as an incident response manager for cybersecurity firm Sygnia. Martin and Martino were employed by DigitalMint. The Justice Department noted the defendants had industry experience and used that technical knowledge to carry out the attacks.
U.S. Attorney Jason A. Reding Quiñones for the Southern District of Florida said, “They used ransomware to lock down critical systems, steal sensitive data, and pressure American businesses into paying to regain access to their own information.” He described the conduct as exploitation of specialized skills for criminal gain.
BlackCat, also called ALPHV, operated as a ransomware-as-a-service platform that supplied malware and an extortion infrastructure to affiliates in exchange for a share of ransom payments. The group is estimated to have targeted more than 1,000 victims worldwide before the service ceased operating. The DOJ said the sentences are part of ongoing enforcement against individuals who use technical expertise to facilitate digital extortion.
