Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks

Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks Ravie LakshmananMay 01, 2026Data Breach / Law Enforcement The U.S. Department of Justice (DoJ) on Thursday announced the sentencing of two cybersecurity professionals to four years each in prison for their role in facilitating BlackCat ransomware attacks in 2023. Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, were accused of deploying the ransomware against multiple victims located throughout the U.S. between April and December 2023. The two defendants, who pleaded guilty to their crimes in December 2025, conspired with Angelo Martino, 41, of Florida, to conduct the attacks. "The three men agreed to pay the ALPHV BlackCat administrators a 20% share of any ransoms received in exchange for access to the ransomware and ALPHV/BlackCat's extortion platform," the DoJ said. "All three men worked in the cybersecurity industry – meaning that they had special skills and experience in securing computer systems against harm, including the type of harm they themselves were committing against the victims in this case." In one case, the defendants are said to have successfully extorted a victim for approximately $1.2 million in Bitcoin, splitting their 80% share three ways and subsequently laundering the funds to cover up the tracks. Although the BlackCat ransomware-as-a-service (RaaS) scheme no longer exists, the group is estimated to have targeted the computer networks of more than 1,000 victims around the world. The development comes a week after Martino pleaded guilty to the same crime, and is scheduled to be sentenced in July 2026. In addition, Martino is said to have abused his role as a negotiator to extract higher payouts from victims by sharing confidential information about their insurance policy limits with the BlackCat operators. Martino and Martin worked for DigitalMint, while Goldberg was employed as an incident response manager for cybersecurity company Sygnia. "These defendants exploited specialized cybersecurity knowledge not to protect victims, but to extort them," said U.S. Attorney Jason A. Reding Quiñones for the Southern District of Florida. "They used ransomware to lock down critical systems, steal sensitive data, and pressure American businesses into paying to regain access to their own information." Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  Bitcoin, Cybercrime, cybersecurity, data breach, digital forensics, Incident response, insider threat, law enforcement, Malware, ransomware ⚡ Top Stories This Week Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign Apple Fixes iOS Flaw That Let FBI Recover Deleted Signal Messages Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover ⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking and More Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately Vercel Finds More Compromised Accounts in Context.ai-Linked Breach Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202 Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches Load More ▼ ⭐ Featured Resources [Guide] Learn a Practical Framework to Evaluate AI Tools for Production [Webinar] Stop Chasing Alerts and Start Focusing on Real Exposures [Guide] How to Enable Secure Data Movement Without Added Risk Learn How Hidden Identity Blind Spots Weaken Your Security Systems