• Home
  • cyber
  • Sygnia: 2 Cyber Pros Admit to Being BlackCat Ransomware Affiliates
cyber Cyber Attack

Sygnia: 2 Cyber Pros Admit to Being BlackCat Ransomware Affiliates

Dec 30, 2025 2 min read
Sygnia: 2 Cyber Pros Admit to Being BlackCat Ransomware Affiliates

Two Cybersecurity Professionals Plead Guilty as BlackCat Ransomware Affiliates

Two former cybersecurity professionals, Ryan Goldberg (40, Georgia) and Kevin Martin (36, Texas), have pleaded guilty to conspiring with a third, unnamed accomplice to deploy BlackCat (Alphv) ransomware against five U.S. companies, including three healthcare organizations. The attacks, conducted between April and December 2023, earned the group at least $1 million from a single victim—a Florida-based medical device manufacturer.

Goldberg, an incident response manager at Sygnia, and Martin, a ransomware negotiator at DigitalMint, exploited their industry expertise to facilitate the extortion scheme. As BlackCat affiliates, they received 80% of ransom payments, with the remaining 20% going to the ransomware-as-a-service (RaaS) operators. The proceeds were laundered through cryptocurrency mixing services and multiple wallets.

Both men pleaded guilty on December 18 in the U.S. District Court for the Southern District of Florida to conspiracy to commit extortion, facing up to 20 years in prison, three years of supervised release, and a $250,000 fine. They also agreed to forfeit $324,123.26 each in illicit gains. Sentencing is scheduled for March 12, 2026.

The FBI revealed that Goldberg admitted in a June 2024 interview to being recruited for the scheme, which targeted the medical device firm. Days later, Goldberg and his wife fled to Paris on one-way tickets, though he returned to the U.S. by October for his arraignment. Martin was released on a $400,000 bond.

BlackCat, a Russian-linked RaaS operation active since 2021, has extorted hundreds of millions from over 500 victims worldwide. The FBI released a decryption tool in December 2023 to help some victims recover data. The group’s operations collapsed in early 2024 after its administrators allegedly stole a $22 million ransom from UnitedHealth Group’s Change Healthcare breach, betraying their affiliate.

Both DigitalMint and Sygnia condemned the defendants’ actions, stating they were unaware of their employees’ criminal activities. DigitalMint cooperated with the DOJ investigation, while Sygnia terminated Goldberg upon learning of the charges.

Source: https://www.bankinfosecurity.com/2-cyber-pros-admit-to-being-blackcat-ransomware-affiliates-a-30415

Sygnia cybersecurity rating report: https://www.rankiteo.com/company/sygnia

"id": "SYG1767124211",
"linkid": "sygnia",
"type": "Cyber Attack",
"date": "12/2023",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"
{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'Florida, USA',
                        'name': 'Florida-based medical device maker',
                        'type': 'Healthcare / Medical Device'},
                       {'industry': 'Healthcare',
                        'location': 'USA',
                        'type': 'Healthcare Organizations'},
                       {'location': 'USA', 'type': 'Companies'}],
 'data_breach': {'data_encryption': 'Yes (Ransomware encryption)'},
 'description': 'Two cybersecurity professionals who moonlighted as BlackCat '
                'ransomware gang affiliates pleaded guilty to using the '
                'crypto-locking malware to extort victims in the United '
                'States. They extorted at least five firms, including a '
                'medical device maker, earning $1 million from one victim.',
 'impact': {'financial_loss': '$1.2 million (from one victim)',
            'legal_liabilities': 'Fines and forfeiture of $324,123.26 per '
                                 'defendant'},
 'investigation_status': 'Guilty pleas entered; sentencing scheduled for March '
                         '12, 2026',
 'motivation': 'Financial gain',
 'post_incident_analysis': {'root_causes': 'Insider threat (cybersecurity '
                                           'professionals abusing their '
                                           'skills)'},
 'ransomware': {'data_encryption': 'Yes',
                'ransom_paid': '$1.2 million (from one victim)',
                'ransomware_strain': 'BlackCat (ALPHV)'},
 'references': [{'source': 'Information Security Media Group (ISMG)'},
                {'source': 'Department of Justice (DOJ)'},
                {'source': 'FBI Affidavit'}],
 'regulatory_compliance': {'legal_actions': 'Conspiracy to obstruct, delay, or '
                                            'affect commerce by extortion; '
                                            'interference with commerce by '
                                            'extortion; intentional damage to '
                                            'a protected computer'},
 'response': {'law_enforcement_notified': 'Yes (FBI, DOJ)'},
 'threat_actor': 'BlackCat (ALPHV) Ransomware Gang',
 'title': 'Two Cyber Pros Admit to Being BlackCat Ransomware Affiliates',
 'type': 'Ransomware'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.