-
Two ex-cybersecurity pros are in hot water with the feds for supposedly being tied to the ALPHV BlackCat ransomware gang.
-
They’re accused of hitting at least five companies in the U.S., one of which was a medical device company that coughed up $1.27 million to get their data back.
-
These charges, filed in Florida, show that the government’s serious about going after ransomware folks, even when they’re using cryptocurrencies to hide.
Prosecutors have sued two men who worked in cybersecurity and accused them of carrying out cyber attacks.
The duo supposedly utilized a nasty ransomware called ALPHV BlackCat to target major American companies.
The Accused: From Protectors to Predators
Federal prosecutors just charged two cybersecurity pros — Ryan Clifford Goldberg from Georgia and Kevin Tyler Martin from Texas. Both men orchestrated a very sophisticated ransomware attack that targeted American businesses.
The charges are serious – they include conspiracy to commit extortion and intentional damage to protected computers.
The indictment says these men weren’t just experts. They were the threat. They say these men took their technical know-how and used it for the wrong reasons, launching ALPHV BlackCat ransomware attacks on a bunch of businesses from May 2023 through April 2025.
The ALPHV BlackCat Playbook
ALPHV BlackCat is a big deal in the ransomware world. It operates like a sinister business. Developers create malicious software. Then, they recruit “affiliates” to do the dirty work.
Goldberg and Martin were allegedly those affiliates. They would break into company networks. Then, they stole sensitive data and locked files with encryption. Finally, they demanded a ransom to give it all back.
They operated through a dark web market panel. This hidden site was their command center. Victims would go there to negotiate and pay. The system was slick and efficient. It led to attacks on hundreds of groups worldwide.
A Trail of Ransomware Attacks
The court documents detail five specific attacks. The men allegedly went after a wide range of industries. Each time, it was pretty much the same pattern: encrypt the files, then demand money.
For example, back in May of 2023, they hit up a medical device company down in Tampa and wanted a whole $10 million. The company eventually paid $1.27 million in cryptocurrency to get back online. This gang’s playbook remains active, as seen in the recent attack on Henry Schein’s TriMed by a notorious cyber gang, showcasing the ongoing threat to the healthcare and technology sectors.
Other victims included a Maryland pharmaceutical company and a California doctor’s office. The doctor’s office faced a $5 million ransom demand. A California engineering firm was hit for $1 million. A Virginia drone manufacturer was also targeted for $300,000.
The total damage from their spree is immense. Victims paid tens of millions in cryptocurrency. They also suffered major operational headaches and had their sensitive data stolen.
Possible Penalties and Punishment for the Accused
Goldberg and Martin both face similar penalties. These include a 20-year jail sentence for charges related to extortion and another 10 years in prison for computer damage charges. Also, they may have to pay fines up to $250,000 or disgorge twice the total amount they obtained through their criminal activities.
Prosecutors are requesting asset forfeiture on all the traceable proceeds of the ransomware operation.
Law enforcement authorities are now seriously going after bad actors who launch ransomware attacks. This intensified focus follows a string of successful disruptions, including the recent FBI takedown of a dark web cell linked to the Qantas hack. This case is a big win for them. It indicates they are able to link the crimes to the people behind them – using cryptocurrency does not fully hide their tracks.
The message is quite clear – engaging in ransomware attacks results in harsh consequences.
