Cybersecurity professionals admitted to running ransomware attacks against many American victims.
Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, both cybersecurity professionals, have pleaded guilty in federal court after being linked to a string of ransomware attacks that targeted victims across the United States. The case centers on the use of ALPHV, also known as BlackCat ransomware, a harmful software designed to lock computer systems and demand payment for their release. The attacks took place during 2023 and affected businesses and organizations nationwide.
Court records show that the two men, along with another partner, worked together to break into computer networks and deploy the ransomware. In exchange for access to the BlackCat system and its online tools, they agreed to give a share of any ransom money to the group that ran the malware. That share was set at 20 percent, with the remaining amount split among the attackers. In one successful case, the group collected about $1.2 million in Bitcoin from a single victim and divided the proceeds after taking steps to hide the money’s origin.
What made the case stand out was the background of those involved. All three men were employed in the cybersecurity field, a line of work meant to protect systems from attacks like the ones they carried out. Prosecutors noted that the defendants had the training and access needed to stop cybercrime but instead used those skills to profit from it. Federal officials described the conduct as a serious betrayal of trust that harmed innocent victims and disrupted normal business operations.
The ransomware used in the attacks was part of a larger criminal operation that affected more than 1,000 victims worldwide. The BlackCat group followed a model where the creators of the malware built and updated the software, while partners carried out the attacks. When victims paid to regain access to their data, the money was split between both sides. This setup allowed the ransomware to spread widely and made it harder for victims to identify who was behind each attack.
The guilty pleas come after earlier efforts by federal authorities to disrupt the same ransomware group. In late 2023, investigators developed a tool that allowed many victims to unlock their systems without paying. That action saved an estimated $99 million in ransom payments and led to the seizure of several websites linked to the group. Officials said these steps showed that law enforcement can weaken even large cybercrime operations through cooperation and technical work.
Both defendants pleaded guilty to conspiracy involving extortion that affected interstate commerce. Each now faces the possibility of up to 20 years in prison. Sentencing is scheduled for March 2026, and a judge will decide the final punishment after reviewing federal guidelines and other legal factors. Authorities emphasized that the outcome sends a message that cybercrime carried out from within the United States will be pursued just as strongly as attacks launched from abroad.
The investigation was led by the FBI with help from other federal agencies and international partners. Prosecutors credited cooperation across offices and borders as key to building the case. Officials also urged businesses to report ransomware incidents quickly and to be careful when hiring outside firms for response and recovery work.
Federal agencies continue to encourage victims and tipsters to come forward, noting that early reports help protect others from harm. The case adds to a growing list of prosecutions tied to ransomware and reflects ongoing efforts to hold offenders accountable, recover stolen funds, and reduce the impact of digital extortion on the public and private sectors.
Sources:
Two Americans Plead Guilty to Targeting Multiple U.S. Victims Using ALPHV BlackCat Ransomware
Georgia and Texas cyber experts admit to ransomware plot in Florida court: FBI
Join the conversation!