The U.S. Department of Justice (DoJ) on Thursday announced the sentencing of two cybersecurity professionals to four years each in prison for their role in facilitating BlackCat ransomware attacks in 2023.
Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, were accused of deploying the ransomware against multiple victims located throughout the U.S. between April and December 2023. The two defendants, who pleaded guilty to their crimes in December 2025, conspired with Angelo Martino, 41, of Florida, to conduct the attacks.
“The three men agreed to pay the ALPHV BlackCat administrators a 20% share of any ransoms received in exchange for access to the ransomware and ALPHV/BlackCat’s extortion platform,” the DoJ said.
“All three men worked in the cybersecurity industry – meaning that they had special skills and experience in securing computer systems against harm, including the type of harm they themselves were committing against the victims in this case.”
In one case, the defendants are said to have successfully extorted a victim for approximately $1.2 million in Bitcoin, splitting their 80% share three ways and subsequently laundering the funds to cover up the tracks.
Although the BlackCat ransomware-as-a-service (RaaS) scheme no longer exists, the group is estimated to have targeted the computer networks of more than 1,000 victims around the world.
The development comes a week after Martino pleaded guilty to the same crime, and is scheduled to be sentenced in July 2026. In addition, Martino is said to have abused his role as a negotiator to extract higher payouts from victims by sharing confidential information about their insurance policy limits with the BlackCat operators.
Martino and Martin worked for DigitalMint, while Goldberg was employed as an incident response manager for cybersecurity company Sygnia.
“These defendants exploited specialized cybersecurity knowledge not to protect victims, but to extort them,” said U.S. Attorney Jason A. Reding Quiñones for the Southern District of Florida. “They used ransomware to lock down critical systems, steal sensitive data, and pressure American businesses into paying to regain access to their own information.”
