Two US Cybersecurity Pros Plead Guilty Over Ransomware Attacks

Two American cybersecurity professionals have pleaded guilty to federal charges after admitting they participated in ransomware attacks linked to the notorious BlackCat, also known as Alphv, cybercrime group, according to the U.S. Department of Justice.

The defendants, Kevin Martin, 36, of Texas, and Ryan Goldberg, 40, of Georgia, acknowledged their involvement as affiliates of the ransomware operation, despite holding professional roles that placed them on the front lines of defending organizations from cyberattacks.

Insider roles in ransomware scheme

Federal prosecutors say Martin and another unnamed suspect worked as ransomware negotiators for DigitalMint, a company specializing in threat intelligence and incident response. Goldberg, meanwhile, served as an incident response manager at Sygnia, a prominent cybersecurity firm.

According to court documents, the three individuals abused their technical expertise and trusted positions to infiltrate corporate networks, steal sensitive data, and deploy BlackCat ransomware against multiple U.S.-based organizations.

The suspects are accused of operating as ransomware affiliates — a common model in which attackers use malware and infrastructure supplied by a larger criminal group in exchange for a share of the profits. In this case, prosecutors say the men paid roughly 20% of ransom proceeds to BlackCat administrators.

Million-dollar ransom and criminal charges

The Justice Department said the group obtained at least $1.2 million in Bitcoin from a single victim. Martin and Goldberg have both pleaded guilty to conspiracy to commit extortion, a charge that carries a potential sentence of up to 20 years in federal prison.

Sentencing for both men is scheduled for March 12, 2026. The third defendant, whose name has not been publicly disclosed, has not yet entered a plea.

BlackCat’s global impact

BlackCat was one of the most active ransomware operations in recent years, targeting more than 1,000 organizations worldwide between late 2021 and late 2023. The group was partially disrupted by international law enforcement action, but continued operating for several months afterward.

The ransomware gang later received a reported $22 million payment from Change Healthcare before abruptly shutting down operations in what authorities described as an exit scam.

Despite offering a reward of up to $10 million for information leading to the identification or arrest of key BlackCat leaders, U.S. authorities have not yet announced charges against the group’s top operators.

A warning to the cybersecurity industry

The guilty pleas underscore growing concerns about insider threats within the cybersecurity sector, where trusted professionals can leverage privileged access and technical knowledge for criminal gain.

The announcement comes shortly after another high-profile ransomware case, in which a Ukrainian national pleaded guilty in the U.S. for acting as an affiliate of the Nefilim ransomware group — highlighting an ongoing global crackdown on ransomware networks.

Federal officials say the cases demonstrate that participation in ransomware schemes, even by security professionals, will be aggressively pursued and punished.