Two U.S. Cybersecurity Professionals Sentenced for ALPHV BlackCat Ransomware Attacks
The U.S. Department of Justice (DOJ) has sentenced two former cybersecurity professionals to four years in federal prison for their roles in ALPHV BlackCat ransomware attacks targeting U.S. organizations in 2023. Ryan Goldberg (40, Georgia) and Kevin Martin (36, Texas) pleaded guilty to conspiracy to obstruct commerce through extortion, alongside a third co-conspirator, Angelo Martino (41, Florida).
Operating as affiliates within the ALPHV BlackCat ransomware-as-a-service (RaaS) ecosystem, the trio deployed the ransomware between April and December 2023, extorting approximately $1.2 million in Bitcoin from at least one victim. They retained 80% of the ransom, splitting the proceeds evenly, while laundering the funds to conceal their origins. Their attacks disrupted critical sectors, including healthcare and engineering, and led to the exposure of sensitive patient data.
What sets this case apart is the attackers’ professional backgrounds they leveraged their cybersecurity expertise to bypass defensive measures, amplifying the sophistication and impact of their attacks. ALPHV BlackCat, known for its double-extortion tactics, has been linked to over 1,000 global victims. The group encrypts systems while exfiltrating data to pressure victims into paying ransoms.
The sentencing follows a December 2023 FBI operation that disrupted ALPHV’s infrastructure, seized websites, and released a decryption tool, saving organizations an estimated $99 million in potential ransom payments. Goldberg and Martin pleaded guilty in December 2025, while Martino who also acted as a ransomware negotiator and leaked victim data to escalate demands is scheduled for sentencing on July 9, 2026.
The FBI Miami Field Office led the investigation, with support from the U.S. Secret Service and international partners. Authorities tracked Goldberg across 10 countries as he attempted to evade arrest, highlighting the global effort to combat cybercrime. The DOJ’s Computer Crime and Intellectual Property Section (CCIPS), which prosecuted the case, has secured over 180 convictions and recovered more than $350 million in stolen funds since 2020.
This case underscores the growing threat of insider expertise being weaponized in ransomware operations and reinforces law enforcement’s commitment to prosecuting cybercriminals regardless of their background or location.
Source: https://gbhackers.com/alphv-blackcat-ransomware/
WST Technologies Private Limited cybersecurity rating report: https://www.rankiteo.com/company/wst-technologies-private-limited
ALPHV Technologies cybersecurity rating report: https://www.rankiteo.com/company/alphv-technologies
"id": "WSTALP1777890334",
"linkid": "wst-technologies-private-limited, alphv-technologies",
"type": "Ransomware",
"date": "4/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Healthcare',
'location': 'U.S.',
'type': 'Healthcare organizations'},
{'industry': 'Engineering',
'location': 'U.S.',
'type': 'Engineering organizations'}],
'attack_vector': 'Ransomware-as-a-Service (RaaS)',
'data_breach': {'data_encryption': 'Yes (ransomware encryption)',
'data_exfiltration': 'Yes (double-extortion tactic)',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Sensitive patient data, '
'personally identifiable '
'information (PII)'},
'description': 'The U.S. Department of Justice (DOJ) has sentenced two former '
'cybersecurity professionals to four years in federal prison '
'for their roles in ALPHV BlackCat ransomware attacks '
'targeting U.S. organizations in 2023. The trio deployed the '
'ransomware between April and December 2023, extorting '
'approximately $1.2 million in Bitcoin from at least one '
'victim. Their attacks disrupted critical sectors, including '
'healthcare and engineering, and led to the exposure of '
'sensitive patient data.',
'impact': {'data_compromised': 'Sensitive patient data exposed',
'financial_loss': '$1.2 million (extorted)',
'identity_theft_risk': 'High (sensitive data exposure)',
'operational_impact': 'Disrupted critical sectors (healthcare, '
'engineering)'},
'investigation_status': 'Closed (sentencing completed for two defendants, one '
'pending)',
'lessons_learned': 'Insider expertise can be weaponized in ransomware '
'operations, amplifying sophistication and impact. Law '
'enforcement is committed to prosecuting cybercriminals '
'regardless of background or location.',
'motivation': 'Financial gain (extortion)',
'post_incident_analysis': {'corrective_actions': 'FBI disruption of ALPHV '
'infrastructure, decryption '
'tool release, international '
'law enforcement '
'collaboration',
'root_causes': 'Leveraging cybersecurity expertise '
'to bypass defensive measures, '
'participation in RaaS ecosystem'},
'ransomware': {'data_encryption': 'Yes',
'data_exfiltration': 'Yes',
'ransom_paid': '$1.2 million (extorted)',
'ransomware_strain': 'ALPHV BlackCat'},
'references': [{'source': 'U.S. Department of Justice (DOJ)'},
{'source': 'FBI Miami Field Office'}],
'regulatory_compliance': {'legal_actions': 'Conspiracy to obstruct commerce '
'through extortion (federal '
'charges)'},
'response': {'containment_measures': 'FBI disrupted ALPHV infrastructure, '
'seized websites, and released '
'decryption tool',
'law_enforcement_notified': 'Yes (FBI, U.S. Secret Service)',
'remediation_measures': 'Decryption tool released (saved $99 '
'million in potential ransom payments)'},
'threat_actor': 'Ryan Goldberg, Kevin Martin, Angelo Martino (ALPHV BlackCat '
'affiliates)',
'title': 'Two U.S. Cybersecurity Professionals Sentenced for ALPHV BlackCat '
'Ransomware Attacks',
'type': 'Ransomware'}