Two American cybersecurity experts pleaded guilty in a Florida federal court on Monday to a series of devastating ransomware attacks. The duo used the notorious ALPHV BlackCat software to extort American companies, while paradoxically working in the very sector that is supposed to prevent such attacks.
The suspects, Ryan Goldberg (40) from Georgia and Kevin Martin (36) from Texas, admitted that they held several organizations in the United States hostage between April and December 2023. According to the US Department of Justice, they did not use their specialized knowledge and training to secure systems, but to exert digital coercion for personal gain.
A hostage situation from within
The case is painful for the cybersecurity industry because both men possessed advanced skills to protect digital infrastructure. “These defendants used their experience to commit precisely the crimes they were supposed to stop,” said Assistant Attorney General A. Tysen Duva. “Internet extortion is just as damaging to innocent citizens as stealing money directly from their wallets.”
The duo operated under a Ransomware-as-a-Service (RaaS) model. They struck a deal with the administrators of the ALPHV BlackCat software: in exchange for access to the platform, the men would hand over 20 percent of the proceeds to the developers. They kept the remaining 80 percent for themselves.
Millions in Bitcoin loot
Court documents reveal just how lucrative the criminal activities were. In a single attack, Goldberg and Martin managed to extract approximately $1.2 million in Bitcoin from a victim. The profits were then divided among themselves and laundered through various methods.
The ALPHV BlackCat group is one of the world’s most active ransomware groups, estimated to have claimed more than a thousand victims worldwide. In December 2023, the FBI struck a blow against the group by developing a decryption tool that allowed hundreds of victims to restore their systems without paying. This saved companies approximately $99 million in ransom payments at the time.
Up to 20 years in prison
According to US authorities, the arrest of Goldberg and Martin proves that cyberthreats don’t always originate abroad. “Ransomware isn’t just a foreign threat; it can also come from within our own borders,” said District Attorney Jason A. Reding Quiñones.
The two men face heavy sentences. They have pleaded guilty to conspiracy to commit racketeering, a crime punishable by a maximum of 20 years in prison in the United States. A final sentencing hearing is scheduled for March 12, 2026.
The FBI is urging businesses to remain vigilant and warns that even third-party incident response providers must be thoroughly vetted. Ransomware victims are encouraged to report the incident immediately to prevent further spread of the malware.
