Two American men have pleaded guilty in US federal court to conspiring to carry out ransomware attacks that targeted victims across the United States in 2023, according to court documents.
Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, admitted to participating in a scheme that used the ALPHV BlackCat ransomware between April and December 2023. Goldberg worked at incident response firm Sygnia, while Martin, served as a ransomware negotiator for financial technology company DigitalMint. Goldberg was arrested on September 22, followed by Martin’s arrest on October 14.
Along with another co-conspirator, the men deployed the ransomware against multiple victims nationwide. In exchange for access to ALPHV BlackCat’s ransomware and extortion platform, the group agreed to give the ransomware administrators 20% of any ransom payments collected.
Court filings state that the defendants, all of whom worked in the cybersecurity industry, used their specialized knowledge to carry out the attacks. In one incident, the group successfully extorted approximately $1.2 million in Bitcoin from a victim. The conspirators then split their 80% share of the ransom and laundered the proceeds through various methods.
ALPHV BlackCat, which operated as a ransomware-as-a-service operation, is believed to have targeted more than 1,000 victims worldwide. In December 2023, the Justice Department disrupted the group, with the FBI developing a decryption tool that helped victims recover their systems.
Goldberg and Martin each pleaded guilty to one count of conspiracy to obstruct, delay, or affect commerce by extortion. They are scheduled to be sentenced on March 12, 2026, and each faces a maximum penalty of 20 years in prison.