U.S. federal prosecutors have charged three individuals, including two former employees of cybersecurity and tech firms, in connection with a series of BlackCat ransomware attacks that targeted five American companies between May and November 2023. The indictment alleges that these individuals used the notorious BlackCat (also known as ALPHV) ransomware to infiltrate company networks, steal data, and demand substantial payouts, impacting businesses across various sectors.
The accusations stem from a federal investigation that has identified Ryan Clifford Goldberg, Kevin Tyler Martin, and an unidentified co-conspirator, all U.S. nationals operating from Florida, as the alleged perpetrators. Their targets included a medical device company in Tampa, Florida; a pharmaceutical firm in Maryland; a doctor’s office and an engineering company, both in California; and a drone manufacturer in Virginia. The indictment was first reported by the Chicago Sun-Times over the weekend.
Allegations Surrounding BlackCat Ransomware Attacks
According to the indictment, Ryan Clifford Goldberg, previously an incident response manager at the cybersecurity company Sygnia, and Kevin Tyler Martin, identified as a former ransomware threat negotiator at DigitalMint, along with their co-conspirator, are accused of orchestrating these cyber intrusions. Both DigitalMint and Sygnia have said they are cooperating fully with law enforcement in the ongoing investigation. Previously, in July 2025, Bloomberg reported that the FBI was scrutinizing a former DigitalMint employee suspected of profiting from ransomware payments.
The core of the charges revolves around a conspiracy to unlawfully access victims’ networks, steal sensitive data, deploy BlackCat ransomware, and extort cryptocurrency payments before dividing the illicit gains. Federal prosecutors allege that this criminal enterprise was designed solely for self-enrichment.
The indictment details specific instances of these alleged BlackCat ransomware attacks:
- Around May 13, 2023, the medical device firm was targeted, with the defendants reportedly demanding approximately $10,000,000 in ransom. The company ultimately paid a sum equivalent to about $1,274,000 in virtual currency.
- In May 2023, another company was attacked, though the amount of the ransom demand was unspecified.
- In July 2023, a doctor’s office faced a demand of roughly $5,000,000.
- An engineering company in California was allegedly targeted in October 2023, with a ransom demand of approximately $1,000,000.
- The final reported incident involved a drone manufacturer in Virginia in November 2023, where a ransom of approximately $300,000 was demanded.
The perpetrators allegedly did not succeed in extorting payments from every intended victim. While Martin has entered a plea of not guilty, court documents indicate that Goldberg allegedly confessed to FBI agents during an interview that he was recruited by the unnamed co-conspirator to “try and ransom some companies” and that his motivation was to alleviate personal debt.
Legal Ramifications and Future Proceedings
Both Goldberg and Martin face significant legal consequences. They have been charged with conspiracy to interfere with interstate commerce by extortion, interference with interstate commerce by extortion, and intentional damage to a protected computer. These charges carry a maximum penalty of up to 50 years in federal prison, underscoring the severity of the alleged cybercrimes facilitated by the BlackCat ransomware.
The legal proceedings are expected to continue, with the court determining the guilt or innocence of the accused. The ongoing investigation and potential further indictments could shed more light on the broader network of individuals involved in ransomware-as-a-service operations like BlackCat. The outcome of this case will likely influence future enforcement actions against other cybercriminal groups exploiting similar tactics.

