U.S. Prosecutors Indict Cybersecurity Insiders Accused of BlackCat Ransomware Attacks

Federal prosecutors in the United States have indicted three individuals, including cybersecurity professionals, for allegedly hacking into the networks of five U.S. companies using BlackCat (also known as ALPHV) ransomware between May and November 2023. The group is accused of deploying the ransomware and extorting victims for cryptocurrency payments.

The indictment, unsealed over the weekend, names Ryan Clifford Goldberg, a former incident response manager at cybersecurity firm Sygnia, and Kevin Tyler Martin, identified as a former ransomware threat negotiator for DigitalMint. A third individual, referred to as “Co-Conspirator 1,” is also implicated. All three are U.S. nationals based in Florida.

Prosecutors allege that Goldberg, Martin, and the co-conspirator gained unauthorized access to victim networks, stole data, and installed BlackCat ransomware, demanding cryptocurrency payments in exchange for data decryption or non-disclosure. The targeted entities included a medical device company in Tampa, Florida, a pharmaceutical company in Maryland, a doctor’s office in California, an engineering company in California, and a drone manufacturer in Virginia.

The medical device firm reportedly paid approximately $1,274,000 in virtual currency after a ransom demand of $10,000,000. Other ransom demands varied, with requests for $5,000,000 from the doctor’s office and $300,000 from the drone manufacturer, though reportedly not all victims paid.

According to court documents, Goldberg allegedly confessed to FBI agents during an interview that he was recruited by the unnamed co-conspirator to engage in ransomware activities to alleviate personal debt. Martin has pleaded not guilty to the charges. The third individual has not been publicly indicted.

Goldberg and Martin face charges including conspiracy to interfere with interstate commerce by extortion and intentional damage to a protected computer. These charges carry a potential maximum penalty of 50 years in federal prison. Both DigitalMint and Sygnia have stated they are cooperating with law enforcement investigations, and neither individual remains employed at their respective firms. The U.S. Federal Bureau of Investigation (FBI) had previously been reported to be investigating a former DigitalMint employee for alleged kickbacks from ransomware payments.

The case highlights the persistent threat of ransomware and the potential for insider involvement within the cybersecurity sector.