-
Two US cybersecurity experts pleaded guilty to working as BlackCat ransomware affiliates, betraying the industry they worked in.
-
They testified before a US court regarding their involvement in a two million dollar extortion scheme and have pleaded guilty to being the masterminds behind the scheme.
-
The duo were originally hired to provide cybersecurity services for two of the largest corporations in the United States, but are now facing a possible maximum prison sentence of 20 years by March 12.
Both men admit they were behind a two-million-dollar extortion scheme and used their expertise as cybersecurity professionals to perpetrate a crime against organisations they were trained to protect.
Ryan Goldberg and Kevin Martin shifted from working as cyber defenders to engaging in criminal activities. The two security experts turned ransomware affiliates now face federal charges and up to 20 years in prison for their work with the notorious BlackCat gang.
From Protectors to Predators
40-year-old Ryan Goldberg from Georgia, and 36-year-old Kevin Martin from Texas confessed to the crimes they committed in a federal court in Florida on December 29. Authorities have identified another person involved in the scheme, but have not released the name.
All three men had built careers in cybersecurity. They possessed “special skills and experience in securing computer systems.” They used that expertise to inflict the very harm they were paid to prevent.
Martin and the third conspirator previously worked for DigitalMint, a Chicago-based incident response firm. Goldberg was a former employee of Sygnia, an Israeli cybersecurity company. Their inside knowledge made them exceptionally dangerous.
The US Department of Justice detailed their criminal activity. In 2023, between April and December, they launched ALPHV/BlackCat ransomware attacks on some US targets.
They even collected about $1.2 million in Bitcoin from one of the victims. The guys kept 80% of that cash and split it three ways. They then laundered the illicit funds through various methods.
The Companies React and the Legal Reckoning
The security firms were quick to distance themselves. According to a spokesperson for DigitalMint, the employees involved in this case “acted entirely outside their roles as DigitalMint employees,” and the company claims it did not have any previous knowledge of or involvement in this case. The individuals had already been terminated. DigitalMint emphasized its full cooperation with the DOJ investigation.
Like DigitalMint, Sygnia told the media it was “very pleased to see the conclusion of the case” and said it fully cooperated with law enforcement. Based on its internal probe, Sygnia confirmed Goldberg acted alone. The company has clearly indicated that no client suffered as a result of its conduct.
The BlackCat syndicate was a cybercrime syndicate that provided ransomware services for multiple affiliates. The group carried out more than 1,100 ransomware attacks before federal agents disrupted its operations in late 2023. Although the group’s operations ended, an affiliate subsequently executed a major ransomware scheme against Change Healthcare in 2024.
Goldberg and Martin confessed to conspiracy and extortion related to interstate business. On March 12, the two defendants will receive their sentences, which may result in receiving 20 years of imprisonment each.
The prosecution of these two is part of a new proactive approach by law enforcement to combat and prosecute organized cybercrime syndicates. A man from Ukraine previously pled guilty earlier this month to taking part in the Netfilm Ransomware Scheme.
A Warning for the Cybersecurity Space
This story is a disturbing reminder. The biggest threat to security can sometimes come from within, a theme echoed in the recent case of a Scottish ex-lawyer whose professional downfall led to a dark web criminal conspiracy. These professionals chose a path of betrayal for quick financial gain. Their actions damage the reputation of an entire industry built on trust. Companies like DigitalMint and Sygnia now have to rebuild client confidence. They must prove their internal safeguards are robust.
Additionally, it shows how law enforcement has expanded its ability to track and apprehend those who utilise digital currency, even sophisticated criminals. a capability also demonstrated in the recent prosecution of a multi-state dark web drug ring. A 20-year possible sentence is clearly a strong deterrent.
It tells other skilled professionals that crossing this line has severe consequences. The very skills that make them valuable defenders make their crimes easier to trace. The upcoming sentencing will be a defining moment, the close of a chapter on a shocking breach of professional ethics. The cybersecurity world will be watching closely.
