Two cybersecurity professionals from the United States have pleaded guilty to their roles as affiliates of the notorious ALPHV/BlackCat ransomware operation, admitting to extorting multiple American companies including three healthcare organizations. The case highlights the disturbing reality of trusted security professionals leveraging their expertise for criminal purposes.

Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, admitted in Miami federal court to conspiracy to obstruct commerce by extortion. Goldberg worked as an incident response manager at cybersecurity firm Sygnia, while Martin served as a ransomware negotiator at DigitalMint. Both men used their professional knowledge to operate on the other side of the ransomware battle between April and December 2023.

The conspirators agreed to pay ALPHV/BlackCat administrators a 20 percent share of any ransoms collected in exchange for access to the ransomware and the group's extortion platform. After successfully extorting one victim for approximately 1.2 million dollars in Bitcoin, the men split their 80 percent share three ways and laundered the proceeds through various means. A third unnamed co-conspirator, also employed as a ransomware negotiator at DigitalMint, participated in the scheme.

ALPHV/BlackCat was among the most prolific ransomware operations before law enforcement disrupted it in 2024. The group attacked more than 1,000 victims globally through its ransomware-as-a-service model, including devastating attacks on major Las Vegas hotels and real estate companies. The FBI developed a decryption tool that helped victims avoid paying an estimated 99 million dollars in ransoms.

Both defendants face up to 20 years in federal prison, with sentencing scheduled for March 12, 2026. The case serves as a stark warning that insider threats can emerge from within the cybersecurity industry itself, and that law enforcement agencies are capable of identifying and prosecuting ransomware affiliates regardless of their professional backgrounds.