December 31, 2025
They pleaded guilty to orchestrating a string of ransomware attacks in 2023 that netted them about $1.2 million in Bitcoin.
Just a heads up, if you buy something through our links, we may get a small share of the sale. It’s one of the ways we keep the lights on here. Click here for more.
Two former cybersecurity professionals have admitted they were secretly running ransomware attacks on the side.
According to an announcement this week from the US Department of Justice, Ryan Goldberg, 40, and Kevin Martin, 36, pleaded guilty to orchestrating a string of ransomware attacks in 2023 that netted them about $1.2 million in Bitcoin.
Here’s the part that makes security teams everywhere groan into their coffee: one of the defendants was literally a ransomware negotiator.
Martin and an unnamed co-conspirator worked at Digital Mint, a company that helps organizations survive ransomware attacks.
Goldberg, meanwhile, was an incident response manager at Sygnia Cybersecurity Services. Their day jobs involved cleaning up cybercrime. Their alleged night job was committing it.
The trio used the infamous ALPHV / BlackCat ransomware, encrypting victims’ systems and stealing data before demanding massive payouts.
BlackCat operates like a startup accelerator for hackers: the developers build and maintain the malware, while affiliates do the dirty work and share the profits.
It’s ransomware, but with revenue sharing.
Ironically, 2023 was also the year the Federal Bureau of Investigation rolled out a decryption tool designed to help victims recover data locked up by BlackCat, a move that likely made life much harder for criminals relying on it.