Sentencing of Ex-Cybersecurity Experts for Ransomware Engagements
Two former cybersecurity specialists have been sentenced to four years in prison after leveraging their insider expertise to orchestrate ransomware attacks.
Key Highlights:
- Two professionals from the U.S. cybersecurity sector were sentenced to four years each for their participation in BlackCat ransomware activities.
- The individuals, an incident responder and a ransom negotiator, were trusted insiders in the industry.
- They operated as affiliates within a ransomware-as-a-service (RaaS) framework, splitting profits with the notorious ALPHV/BlackCat syndicate.
- At least one organisation suffered a $1.2 million loss in Bitcoin, which was subsequently laundered.
- A third individual involved is pending sentencing
Transition from Guardian to Aggressor
The U.S. Department of Justice has revealed that Ryan Goldberg, age 40, and Kevin Martin, age 36, received four-year prison sentences for their involvement in ransomware activities executed in 2023.
Unlike typical criminals, these two were entrenched within the cybersecurity realm, playing crucial roles designed to combat such threats.
Goldberg was an incident response manager, whereas Martin excelled as a ransomware negotiator, placing them in direct dialogue with victims during critical breaches.
In a twist of fate, they chose to exploit that very knowledge for malicious aims.
Crucially, court documents illustrate that Goldberg and Martin allied with the infamous ALPHV/BlackCat ransomware group, recognised as one of the most formidable operations in the RaaS domain.
Their collaboration adhered to a well-trodden RaaS blueprint:
- They secured access to the ransomware’s infrastructure and platforms.
- As compensation, they relinquished 20% of the ransom gains to the operators.
- They executed the intrusions, encryption processes, and extortion.
From April to December 2023, the duo targeted various U.S. enterprises across multiple sectors, successfully extorting $1.2 million in Bitcoin from at least one of their victims, which they subsequently laundered.
The broader ALPHV/BlackCat collective has reportedly attacked over 1,000 victims worldwide, solidifying its reputation as one of the most detrimental ransomware entities in recent history, as stated by the U.S. Department of Justice in a press release:
ALPHV/BlackCat has targeted the computer networks of more than 1,000 victims globally, employing a ransomware-as-a-service model in which developers created and maintained the malware and infrastructure.
Affiliates were tasked with identifying and attacking high-value targets, subsequently sharing the extorted ransom.
Breach of Trust at a Critical Juncture
What exacerbates this situation is the attackers’ access to sensitive information. Angelo Martino, 41, from Florida, a co-conspirator still awaiting sentencing, allegedly utilised his position as a ransomware negotiator to divulge confidential information to the attackers, amplifying pressure on victims to capitulate.
Reporting from the previous month revealed that between April and November 2023, Martino negotiated for several ransomware victims while allegedly leaking vital data, including insurance limits and internal negotiation tactics, to the attackers.
Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division articulated the gravity of this betrayal:
The individuals in question were entrusted as cybersecurity professionals, meant to safeguard organisations.
Instead, they manipulated their advanced capabilities for personal gain. This transcends mere cybercrime—it’s a profound breach of trust within the cybersecurity community itself.
This intelligence presumably enabled the group to fine-tune their extortion demands, leading to heightened ransom amounts. In some instances, Martino reportedly took part in deploying malware into victim networks.
Plea Agreements
In December 2025, both Goldberg and Martin submitted guilty pleas to one count of conspiracy to obstruct, delay, or influence commerce through extortion.
Last month, co-conspirator Angelo Martino also admitted guilt regarding his involvement in the conspiracy.
The DOJ remarked, “In addition to conspiring with Goldberg and Martin in launching ransomware assaults, Martino exploited his negotiator role by sharing sensitive victim information with threat actors to enhance the ransom’s value.”
Due to his more profound entanglement in the scheme, Martino may face a sterner sentence, with his hearing scheduled for July 9.
This sentencing is part of broader U.S. initiatives to dismantle BlackCat operations. In 2023, the FBI confiscated crucial infrastructure and introduced a decryption tool that facilitated the recovery of numerous systems and averted an estimated $99 million in ransom payments.
Source link: Bitdefender.com.
