Guardians Turned Predators: Former U.S. Cybersecurity Experts Sentenced to Four Years for Fueling BlackCat Ransomware Attacks

By Ashish S

By Security Desk | Published: May 1, 2026 | United States

Two professionals who were hired to defend organizations from ransomware used that same expertise to attack them, exposing a deeply troubling blind spot in the cybersecurity industry's trust framework.

In a case that has sent shockwaves through the cybersecurity industry, the U.S. Department of Justice announced on April 30, 2026, the sentencing of two former cybersecurity professionals to four years in federal prison each. Ryan Clifford Goldberg, 40, of Georgia, and Kevin Tyler Martin, 36, of Texas, were convicted of conspiracy to commit extortion for their active roles in deploying the ALPHV BlackCat ransomware against multiple U.S. organizations throughout 2023.

Far from being peripheral participants, both men leveraged the very skills that made them valuable defenders and turned those abilities against the clients and sectors they were supposed to protect.

"These defendants exploited specialized cybersecurity knowledge not to protect victims, but to extort them. They used ransomware to lock down critical systems, steal sensitive data, and pressure American businesses into paying to regain access to their own information."

— U.S. Attorney Jason A. Reding Quinones, Southern District of Florida

How the Scheme Operated

Goldberg, Martin, and a third co-conspirator, Angelo John Martino III, 41, of Land O' Lakes, Florida, operated as formal affiliates of the ALPHV BlackCat ransomware group between April 2023 and December 2023.

ALPHV BlackCat ran on a ransomware-as-a-service (RaaS) model. The three men paid the group a 20% share of any ransoms collected and kept the remaining 80%. They used their professional expertise, contacts, and technical knowledge to identify targets, breach networks, deploy ransomware, and extort victims using double-extortion tactics.

The Victims and the Damage Left Behind

The group targeted a Maryland pharmaceutical company, a Tampa-based medical device manufacturer, a California engineering firm, a Virginia drone manufacturer, a California medical practice, and others. Across ten attacks, they successfully extorted more than $75.25 million, with two payments exceeding $25 million each.

The healthcare sector was hit particularly hard, with attacks disrupting patient care and endangering lives.

Angelo Martino and the Negotiator Conflict of Interest

In one of the most shocking elements of the case, Angelo Martino worked as a ransomware negotiator at DigitalMint, where he was assigned to negotiate on behalf of five companies that his own group had attacked. While pretending to help the victims, he was secretly feeding confidential information to the BlackCat actors to maximize ransom demands.

"As he admitted in court, he abused his position at a cyber incident response company to feed confidential information to BlackCat actors... He then went further, joining the conspiracy himself to deploy ransomware and profit from extortion."

— Department of Justice Statement

The BlackCat ALPHV Ransomware Operation

ALPHV BlackCat was one of the most prolific ransomware groups, responsible for hundreds of attacks and hundreds of millions of dollars in ransom payments. The group collapsed in early 2024 after its own administrators conducted an exit scam on their affiliates.

The FBI's Response

The FBI disrupted the BlackCat infrastructure in December 2023 and released a free decryption tool that saved victims nearly $99 million in potential ransom payments.

What This Case Reveals

This case highlights the serious insider threat within the cybersecurity industry. Professionals with deep system access and specialized knowledge are in a unique position to cause massive harm if they turn malicious.

It serves as a wake-up call for stronger vetting, monitoring, and safeguards in firms handling incident response and ransomware negotiations.

Case: U.S. v. Goldberg and Martin, Southern District of Florida
Sentencing Date: April 30, 2026
Investigating Agencies: FBI Miami Field Office & U.S. Secret Service
Ashish S
Ashish is a Cybersecurity Student with over 2 years of experience in Cybersecurity Research, Bug Bounty hunting and programming.