Federal prosecutors in the United States have indicted three individuals, including a cybersecurity incident response manager and ransomware negotiators, for allegedly operating as part of a BlackCat (ALPHV) ransomware operation. The group is accused of targeting five U.S. companies between May and November 2023, deploying ransomware, and extorting victims for significant sums.
The indictment details how Ryan Clifford Goldberg, Kevin Tyler Martin, and an unnamed co-conspirator allegedly infiltrated the networks of businesses in the medical device, pharmaceutical, legal, engineering, and drone manufacturing sectors. The attacks involved unauthorized access, data theft, and the deployment of BlackCat ransomware, with the illicit proceeds being divided among the defendants.
At the time of the alleged offenses, Martin and the co-conspirator were reportedly employed as ransomware negotiators for DigitalMint, while Goldberg served as an incident response manager for Sygnia. Both DigitalMint and Sygnia have confirmed that the individuals are no longer with their respective firms and that the companies are cooperating with law enforcement. This case follows a Bloomberg report from July 2025 indicating an FBI investigation into a former DigitalMint employee suspected of receiving kickbacks from ransomware payments.
The indictment outlines specific ransom demands, including approximately $10 million from a medical device company, of which the victim paid the equivalent of $1.27 million in cryptocurrency. Other demands ranged from $300,000 to $5 million, though not all victims made payments. While Martin has pleaded not guilty, Goldberg reportedly confessed to participating in the ransomware activities during an interview with the FBI, stating his motivation was to alleviate personal debt. The third individual has not yet been indicted.
Goldberg and Martin face charges including conspiracy to interfere with interstate commerce by extortion and intentional damage to a protected computer, carrying a potential maximum penalty of 50 years in federal prison. Access to detailed court documents and initial reporting from the Chicago Sun-Times was hindered by technical access issues. The ongoing prosecution highlights the challenges posed by insider threats within the cybersecurity industry and the persistent threat of ransomware operations.

