The U.S. Department of Justice recently announced on its website that the U.S. District Court for the Southern District of Florida has formally accepted plea agreements from two American men. The two men admitted to conspiring in 2023 to use the well-known ransomware ALPHV (BlackCat) to launch cyberattacks against multiple victims within the United States and to obtain illegal profits through digital extortion. Their actions constitute federal felonies.
Cybersecurity professionals turned perpetrators
According to court documents, the perpetrators are Ryan Goldberg, 40, from Georgia, and Kevin Martin, 36, from Texas. Between April and December 2023, the two, along with another accomplice, successfully deployed the ALPHV BlackCat ransomware against multiple targets in the United States.
Of particular concern is that all three accomplices had previously worked in the cybersecurity industry and possessed professional cybersecurity knowledge and system protection experience. They should have been responsible for assisting companies in preventing hacker attacks, but instead, they used their technical advantages to launch extortion campaigns against companies and organizations.
Ransomware operates on a franchise model, profiting from a share of ransom payments.
The U.S. Department of Justice stated that ALPHV BlackCat operated on a "Ransomware as a Service" (RaaS) model. The developers provided the ransomware tools and the illegal platform, while the actual attacks were carried out by "franchisees." To obtain usage rights, Goldberg and the others agreed to give 20% of the proceeds from each successful ransom payment to the administrators of ALPHV BlackCat.
In one of the successful attacks, the three extorted approximately $1.2 million worth of Bitcoin from a single victim. After splitting the proceeds, they laundered the money through various means to conceal the source of the funds.
More than a thousand victims worldwide; the United States previously dealt a heavy blow to the organization.
The Department of Justice further explained that ALPHV BlackCat has attacked more than 1,000 victims worldwide, making it one of the most destructive ransomware groups in recent years.
Back in December 2023, the Federal Bureau of Investigation (FBI) launched a large-scale law enforcement operation against the organization, not only developing decryption tools to help hundreds of victims around the world recover their systems and preventing an estimated $99 million in ransom losses, but also seizing several illegal websites operated by ALPHV BlackCat.
They could face up to 20 years in prison, with sentencing scheduled for 2026.
Goldberg and Martin each pleaded guilty to one count of conspiracy to "impede or influence business by extortion," violating U.S. federal law. They are scheduled to be sentenced on March 12, 2026, and each charge carries a maximum sentence of 20 years in prison. The actual sentence will be determined by the judge based on sentencing guidelines and the circumstances of the case.
The U.S. Department of Justice emphasizes that ransomware threats originate not only from overseas but also from high-risk criminals inside the United States. Law enforcement agencies will continue to monitor the ransomware ecosystem, not only tracking down actual attackers but also holding accountable any individuals or organizations that knowingly assist or profit from criminal activities.
The authorities also urged businesses and organizations to be vigilant and report ransomware incidents to law enforcement agencies immediately to minimize losses and prevent further victims.





