Two cybersecurity professionals, Ryan Goldberg and Kevin Martin, have been sentenced to four years in prison by the U.S. Department of Justice (DOJ) for their involvement in facilitating BlackCat ransomware attacks. The sentencing, announced on Thursday, targets their roles in deploying the malicious software against numerous victims across the United States between April and December 2023, highlighting a significant breach of trust within the cybersecurity industry.
Goldberg, 40, of Georgia, and Martin, 36, of Texas, both pleaded guilty to their roles in the scheme in December 2025. They conspired with Angelo Martino, 41, of Florida, to carry out these sophisticated attacks. The DOJ detailed that the agreement with the ALPHV BlackCat administrators involved a 20% share of any ransom payments received, in exchange for access to the ransomware and their extortion platform, demonstrating a clear profit motive behind their actions.
Cybersecurity Professionals Sentenced for BlackCat Ransomware Involvement
The conviction of Goldberg and Martin underscores a disturbing trend where individuals with specialized knowledge in protecting computer systems instead leverage their expertise for criminal activities. According to the DOJ, “All three men worked in the cybersecurity industry – meaning that they had special skills and experience in securing computer systems against harm, including the type of harm they themselves were committing against the victims in this case.” This highlights a direct betrayal of the trust placed in cybersecurity professionals to safeguard data and infrastructure.
In one particularly egregious case, the defendants are reported to have successfully extorted a victim for approximately $1.2 million in Bitcoin. This substantial sum was then divided amongst the conspirators, with their 80% share split three ways. The subsequent laundering of these funds was an additional step taken to conceal their illicit gains and evade law enforcement detection.
The BlackCat ransomware operation, despite no longer being active in its previous form, is estimated to have impacted over 1,000 victims globally, compromising critical computer networks. The ripple effects of such attacks can be devastating, leading to significant financial losses, operational disruptions, and the potential exposure of sensitive personal and corporate data.
Angelo Martino’s Role and Potential Sentencing
The sentencing of Goldberg and Martin follows closely behind Angelo Martino’s guilty plea to similar charges. Martino, who is scheduled for sentencing in July 2026, allegedly exploited his position as a negotiator to inflate ransom demands. He is accused of sharing confidential information regarding victims’ insurance policy limits with BlackCat operators, thereby amplifying their extortion tactics and maximizing payouts. This manipulative approach further emphasizes the calculated and ruthless nature of the criminal enterprise.
A key detail emerging from the investigations is the professional background of the accused. Martino and Martin were employed by DigitalMint, a company involved in cryptocurrency. Meanwhile, Ryan Goldberg held a position as an incident response manager at Sygnia, a prominent cybersecurity firm. This juxtaposition of roles — serving in the cybersecurity industry while simultaneously perpetrating cybercrime — accentuates the severity of their offenses and the challenge faced by organizations in ensuring internal security protocols are robust enough to prevent such betrayals.
“These defendants exploited specialized cybersecurity knowledge not to protect victims, but to extort them,” stated U.S. Attorney Jason A. Reding Quiñones for the Southern District of Florida. “They used ransomware to lock down critical systems, steal sensitive data, and pressure American businesses into paying to regain access to their own information.” The prosecution’s emphasis on the malicious exploitation of technical skills underscores the DOJ’s commitment to prosecuting individuals who weaponize their expertise against innocent parties.
The ongoing legal proceedings and sentencing of individuals involved in sophisticated cybercriminal operations like the BlackCat ransomware attacks serve as a stark reminder of the persistent threats faced by businesses and governments worldwide. The DOJ’s successful prosecution in this case signals a continued effort to dismantle ransomware-as-a-service (RaaS) operations and hold those accountable who operate within them. The ultimate fate of Angelo Martino, and the potential for further revelations from his testimony, will be a key development to watch as July 2026 approaches, potentially shedding more light on the intricate workings of such cybercriminal networks and furthering efforts to enhance global cybersecurity.