All incidents

Two US cybersecurity professionals sentenced for aiding BlackCat ransomware

campaignclosedApr 21, 2026 — May 1, 2026
Two US cybersecurity professionals sentenced for aiding BlackCat ransomware

TWO US cybersecurity professionals have been sentenced to four years in prison each for their part in a ransomware extortion scheme that used the BlackCat (ALPHV) malware, according to a Department of Justice press release DOJ announcement. Ryan Goldberg of Georgia and Kevin Martin of Texas pleaded guilty to conspiracy to affect interstate commerce by extortion, while a third accomplice, Angelo Martino of Florida, awaits sentencing.

The trio worked at cybersecurity firms, two as ransomware negotiators, and abused their positions to feed BlackCat operators with confidential details about victims’ negotiating positions, insurance limits and internal response plans Databreaches report. This insider access allowed the gang to maximise ransom demands before deploying the ransomware against targets.

In one case the group allegedly extorted about 1.2 million US dollars in Bitcoin from a single victim, keeping eighty percent of the proceeds and handing twenty percent to the BlackCat administrators SecurityWeek coverage. The remaining funds were split three ways among Goldberg, Martin and Martino and laundered through various channels.

BlackCat activity remained prolific throughout 2023, with more than one thousand organisations targeted between November 2021 and December 2023, according to investigators The Hacker News. The case highlights how trusted insiders can be leveraged to amplify the impact of ransomware campaigns.

Defenders should review the privileges granted to external consultants and negotiators, ensuring that access to sensitive client information is limited to what is strictly necessary and monitored for unusual behaviour. Segregation of duties and regular audits of communications can help detect attempts to leak data to threat actors.

Organisations are also advised to enforce multi‑factor authentication on all remote access points, maintain segmented networks to limit lateral movement, keep offline backups that are tested regularly and rehearse incident response plans so that any ransomware event can be contained quickly.

Intelligence briefing updated Jun 12, 2026

BlackCat
Root sourcewww.justice.gov
Timeline Coverage

Swipe to explore timeline