California doctor’s office and California engineering firm: US cybersecurity professionals plead guilty to Blackcat ransomware attacks

Former Cybersecurity Pros Plead Guilty to ALPHV Ransomware Extortion Scheme

Two former cybersecurity professionals, Ryan Clifford Goldberg (Georgia) and Kevin Tyler Martin (Texas), have pleaded guilty to deploying ALPHV (BlackCat) ransomware in a series of extortion attacks targeting U.S. organizations. The pair successfully extorted $1.2 million from a medical device company in 2023 and attempted—but failed—to extort millions more from additional victims, including a Maryland pharmaceutical firm, a California doctor’s office, a California engineering company, and a Virginia drone manufacturer.

Goldberg, a former incident response manager at Sygnia, and Martin, a former ransomware threat negotiator at DigitalMint, were initially indicted in November 2024 alongside a third co-conspirator. The indictment accused them of infiltrating corporate networks, stealing data, encrypting systems, and demanding cryptocurrency ransoms. Prosecutors noted that the defendants exploited their cybersecurity expertise to commit crimes they were trained to prevent.

The case falls under federal jurisdiction due to the victims’ involvement in interstate commerce. The ransom payments were allegedly laundered through multiple cryptocurrency wallets to obscure their origins. Both face charges including conspiracy to interfere with interstate commerce by extortion (up to 20 years in prison) and intentional damage to a protected computer (up to 10 years). Sentencing is set for March 12, 2026.

Source: https://www.techradar.com/pro/security/us-cybersecurity-professionals-plead-guilty-to-blackcat-ransomware-attacks

California doctor’s office TPRM report: https://www.rankiteo.com/company/california-restaurant-association

California engineering firm TPRM report: https://www.rankiteo.com/company/california-restaurant-association

"id": "calcal1767196967",
"linkid": "california-restaurant-association, california-restaurant-association",
"type": "Ransomware",
"date": "11/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'industry': 'Healthcare/Medical Devices',
                        'location': 'United States',
                        'name': 'Unnamed medical device company',
                        'type': 'Medical Device Firm'},
                       {'industry': 'Pharmaceuticals',
                        'location': 'Maryland, United States',
                        'name': 'Unnamed Maryland-based pharmaceutical company',
                        'type': 'Pharmaceutical Company'},
                       {'industry': 'Healthcare',
                        'location': 'California, United States',
                        'name': 'Unnamed California doctor’s office',
                        'type': 'Healthcare Provider'},
                       {'industry': 'Engineering',
                        'location': 'California, United States',
                        'name': 'Unnamed California engineering firm',
                        'type': 'Engineering Firm'},
                       {'industry': 'Aerospace/Defense',
                        'location': 'Virginia, United States',
                        'name': 'Unnamed Virginia drone manufacturer',
                        'type': 'Manufacturing'}],
 'attack_vector': 'Unauthorized network access, data exfiltration, and '
                  'encryption',
 'data_breach': {'data_encryption': 'Yes (ALPHV ransomware)',
                 'data_exfiltration': 'Yes'},
 'date_publicly_disclosed': '2024-11',
 'description': 'Two former cybersecurity professionals pleaded guilty to '
                'extorting $1.2 million from a medical device firm using ALPHV '
                'ransomware. They also attempted extortion against other '
                'organizations but were unsuccessful. Both face federal '
                'charges with possible 20-year prison sentences.',
 'impact': {'data_compromised': 'Yes',
            'financial_loss': '$1.2 million (paid ransom)'},
 'investigation_status': 'Guilty plea entered; sentencing pending (March 12, '
                         '2026)',
 'motivation': 'Financial gain',
 'ransomware': {'data_encryption': 'Yes',
                'data_exfiltration': 'Yes',
                'ransom_demanded': ['$1.2 million',
                                    '$5 million',
                                    '$1 million',
                                    '$300,000'],
                'ransom_paid': '$1.2 million',
                'ransomware_strain': 'ALPHV (BlackCat)'},
 'references': [{'source': 'Cybernews'},
                {'source': 'TechRadar Pro'},
                {'source': 'US Department of Justice (DoJ)'}],
 'regulatory_compliance': {'legal_actions': 'Federal indictment (conspiracy to '
                                            'interfere with interstate '
                                            'commerce by extortion, '
                                            'interference with ecommerce by '
                                            'extortion, intentional damage to '
                                            'a protected computer)'},
 'response': {'law_enforcement_notified': 'Yes (FBI, DoJ)'},
 'threat_actor': 'Ryan Clifford Goldberg, Kevin Tyler Martin (ALPHV/BlackCat '
                 'ransomware affiliates)',
 'title': 'Ex-Cybersecurity Professionals Plead Guilty to ALPHV Ransomware '
          'Extortion Attempts',
 'type': 'Ransomware'}