Federal prosecutors in the U.S. have accused a trio of allegedly hacking the networks of five U.S. companies with BlackCat (aka ALPHV) ransomware between May and November 2023 and extorting them.
Ryan Clifford Goldberg, Kevin Tyler Martin, and an unnamed co–conspirator (aka “Co-Conspirator 1”) based in Florida, all U.S. nationals, are said to have used the ransomware strain against a medical device company based in Tampa, Florida, a pharmaceutical company based in Maryland, a doctor’s office based in California, an engineering company based in California, and a drone manufacturer based in Virginia.
The Chicago Sun-Times first reported the indictment over the weekend, stating Martin and Co-Conspirator 1 were employed as ransomware threat negotiators for a company named DigitalMint at the time when these incidents took place. Goldberg was an incident response manager for cybersecurity company Sygnia.
All three individuals are no longer working at the respective firms, with both DigitalMint and Sygnia stating they have cooperated with law enforcement on the matter. In July 2025, Bloomberg reported that the U.S. Federal Bureau of Investigation (FBI) was looking into a former employee of DigitalMint for supposedly taking a cut from ransomware payments.
According to the indictment document, Goldberg, Martin, and the co-conspirator have been accused of wilfully engaging in a conspiracy to “enrich” themselves by accessing victims’ networks or computers in an unauthorized manner, stealing their data, installing the BlackCat ransomware on their systems in exchange for a cryptocurrency payment, and dividing the illicit proceeds amongst them –
- Around May 13, 2023, the defendants attacked the medical device firm and demanded an approximate $10,000,000 ransom payment. The company ended up paying virtual currency worth approximately $1,274,000 at the time of payment.
- Around May 2023, the defendants attacked the firm and demanded an unspecified amount as ransom.
- Around July 2023, the defendants attacked the doctor’s office and demanded an approximate $5,000,000 ransom payment.
- Around October 2023, the defendants attacked the engineering company and demanded an approximate $1,000,000 ransom payment.
- Around November 2023, the defendants attacked the drone manufacturer and demanded an approximate $300,000 ransom payment.
It’s said that they did not manage to extort a financial payment from the other victims. While Martin has pleaded not guilty, court records show that Goldberg allegedly confessed to being recruited by the unnamed co-conspirator to “try and ransom some companies” during an interview with the FBI and that he conducted the attacks to get out of debt. The third individual has not been indicted.
Both Goldberg and Martin have been charged with conspiracy to interfere with interstate commerce by extortion, interference with interstate commerce by extortion, and intentional damage to a protected computer. These accusations could incur a maximum penalty up to 50 years in federal prison.
