Former Cybersecurity Professionals Sentenced to 4 Years for BlackCat Ransomware Attacks
- May 1
- 3 min read
Key Findings
Ryan Goldberg and Kevin Martin sentenced to four years in prison each for facilitating BlackCat ransomware attacks in 2023
Both defendants were employed in legitimate cybersecurity roles at the time of their crimes
The pair, along with co-conspirator Angelo Martino, extorted approximately $1.3 million from a medical company in a single attack
Goldberg fled to Europe after being interviewed by the FBI but was tracked across 10 countries and arrested in Mexico City
Martino exploited his position as a ransomware negotiator to share victims' confidential information with BlackCat operators, facilitating $75.3 million in total extortion
BlackCat ransomware-as-a-service operation targeted over 1,000 victims worldwide before ceasing operations
Background
The case centers on three cybersecurity professionals who turned their expertise toward criminal activity. Ryan Goldberg worked as an incident response manager at Sygnia, while Kevin Martin served as a ransomware negotiator at DigitalMint. Angelo Martino held a similar position at DigitalMint. Between April and December 2023, the three men conspired to deploy BlackCat ransomware against multiple U.S. victims. They partnered with the ALPHV BlackCat operators, agreeing to pay the administrators 20% of any ransom proceeds in exchange for access to the ransomware and extortion platform.
The Attack Campaign
Goldberg and Martin's attacks targeted five separate organizations across different industries. Their victims included a Florida-based medical company, a Maryland pharmaceutical company, a California doctor's office, a California engineering company, and a Virginia drone manufacturer. The most profitable attack occurred in May 2023 when they successfully extorted $1.3 million in Bitcoin from the medical company. The three conspirators split their 80% share equally among themselves, then worked to launder the funds to conceal the source of the money.
Martino's Unique Advantage
Angelo Martino's situation was particularly egregious because he occupied a position of trust at DigitalMint, where he was assigned to negotiate ransomware payments on behalf of victimized clients. Rather than protecting these organizations, Martino used his access to confidential information about their internal negotiating positions and insurance policy limits to maximize ransom demands. He facilitated attacks on five victims who had hired DigitalMint for protection, and all five ultimately paid ransoms. Across all his activities, Martino helped orchestrate $75.3 million in total extortion payments.
Legal Consequences and Sentencing
Goldberg and Martin each pleaded guilty in December 2025 and received identical four-year sentences, despite their different criminal histories. Martino pleaded guilty earlier and faces up to 20 years in federal prison, with sentencing scheduled for July 2026. The disparity in Goldberg's arrest process was notable—while Martin was arrested without incident in October and released on bond, Goldberg fled the country in June. After a 10-day delay following his FBI interview, he boarded a one-way flight to Paris with his wife. He remained in Europe for three months before attempting to travel through Mexico City, where he was arrested at the airport and deported to face prosecution.
Law Enforcement Response
Federal agencies emphasized the seriousness of the case and their commitment to tracking cybercriminals globally. The FBI tracked Goldberg through 10 countries during his three-month fugitive period, demonstrating the extensive resources devoted to apprehending cyber criminals. U.S. Attorney Jason Reding Quiñones stated that the defendants "exploited specialized cybersecurity knowledge not to protect victims, but to extort them," locking down critical systems and stealing sensitive data to pressure businesses into payment. The Justice Department's criminal division assistant attorney general noted that the attackers caused particular harm by targeting medical and engineering companies, including leaking patient data from a doctor's office victim.
Broader Implications
The case highlights vulnerabilities in the ransomware negotiation industry, where professionals operate with minimal oversight. Martino's ability to simultaneously work as a negotiator for victims and a conspirator with attackers represents a rare but serious threat. The BlackCat ransomware-as-a-service operation, before its dissolution, had impacted over 1,000 victims worldwide, making this case representative of a much larger criminal enterprise. The sentencing sends a message that cybersecurity professionals who abuse their specialized knowledge and trusted positions face significant federal penalties and international pursuit.
Sources
https://thehackernews.com/2026/05/two-cybersecurity-professionals-get-4.html
https://cyberscoop.com/incident-responders-ryan-goldberg-kevin-martin-sentenced-ransomware/
https://darkwebinformer.com/when-the-defenders-become-the-attackers-two-u-s-cybersecurity-pros-sentenced-in-blackcat-ransomware-case/
https://www.linkedin.com/posts/cyber-news-live_former-incident-responders-sentenced-to-4-activity-7455851096922730496-WdxH

Comments