Former incident responders plead guilty to ransomware attack spree

Two former cybersecurity professionals have pleaded guilty to orchestrating a series of ransomware attacks in 2023, targeting multiple companies while employed to help organizations defend against such threats.

Ryan Clifford Goldberg, previously an incident response manager at Sygnia, and Kevin Tyler Martin, a ransomware negotiator at DigitalMint, admitted in U.S. District Court for the Southern District of Florida to conspiring with an unnamed co-conspirator to deploy ALPHV/BlackCat ransomware against five organizations, causing total losses exceeding $9.5 million.

The pair were indicted in late 2025, with Goldberg arrested on September 22 and Martin on October 14. Under their plea agreements, each pleaded guilty to conspiracy to interfere with interstate commerce by extortion, reducing potential prison terms from 50 years to 20 years.

Victims of the attacks included a Florida-based medical company, a Maryland pharmaceutical firm, a California doctor’s office, a California engineering company, and a Virginia drone manufacturer. Prosecutors said the attackers successfully extorted nearly $1.3 million from the medical company but failed to obtain payments from the other targets.

Both Goldberg and Martin are required to forfeit $342,000, representing proceeds from their crimes, and may face fines up to $250,000 in addition to restitution. Officials indicated that reduced sentences could be recommended if they fully cooperate and refrain from further criminal activity.

A spokesperson for DigitalMint emphasized the company’s cooperation with authorities and condemned Martin’s actions. “His behavior was undertaken without the company’s knowledge or consent and violates our ethical standards,” the spokesperson said. Sygnia did not immediately comment.

The trio allegedly leveraged an affiliate account on ALPHV, a ransomware variant notorious for attacks on critical infrastructure and healthcare providers. ALPHV first emerged in 2021 and was implicated in high-profile incidents, including the $22 million ransom paid by Change Healthcare, which compromised the data of roughly 190 million individuals.

According to prosecutors, Goldberg, Martin, and their co-conspirator ceased operations by March 2024, bringing an end to their illicit ransomware campaign.