Americans Jailed for ALPHV BlackCat Ransomware Attacks

Two American cybersecurity professionals were sentenced today to four years each in prison for their role in a conspiracy to obstruct, delay, or affect commerce through extortion in connection with ransomware attacks occurring in 2023.

Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, were sentenced. According to court documents, they and another co-conspirator, Angelo Martino, 41, of Florida, successfully deployed the ransomware known as ALPHV BlackCat between April 2023 and December 2023 against multiple victims located throughout the United States. The three men agreed to pay the ALPHV BlackCat administrators a 20% share of any ransoms received in exchange for access to the ransomware and ALPHV BlackCat’s extortion platform. All three men worked in the cybersecurity industry – meaning that they had special skills and experience in securing computer systems against harm, including the type of harm they themselves were committing against the victims in this case. After successfully extorting one victim for approximately $1.2 million in Bitcoin, the men split their 80% share of this ransom three ways and laundered the funds through various means.

According to court documents, ALPHV BlackCat targeted the computer networks of more than 1,000 victims around the world. The group used a ransomware-as-a-service model in which developers were responsible for creating and updating ransomware and for maintaining the illicit internet infrastructure. Affiliates were responsible for identifying and attacking high-value victim institutions with the ransomware. After a victim paid, developers and affiliates shared the ransom.

“The court’s sentences today reflect the damage that these defendants inflicted during their cyberattacks on victim companies throughout the United States,” said Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division. “They harmed important firms who were providing medical and engineering services. They played hardball with them, going so far as to cause the leak of patient data from a doctor’s office victim. They also split the ransoms they were paid, and laundered the illicit proceeds. These were supposed to be cybersecurity specialists who did good and helped businesses and people. Instead, they used their high-level cyber skills to feed their greed. Ransomware attackers like this should be punished and removed from society to serve their lawful sentences so they cannot harm others.”

“These defendants exploited specialized cybersecurity knowledge not to protect victims, but to extort them,” said U.S. Attorney Jason A. Reding Quiñones for the Southern District of Florida. “They used ransomware to lock down critical systems, steal sensitive data, and pressure American businesses into paying to regain access to their own information. Today’s sentence of four years reflects not only the scale of this scheme, but the real harm inflicted on businesses, employees, and victims whose private information was weaponized for profit. In this District, cybercriminals will face federal prison and forfeit the proceeds of their crimes.”

“Today’s sentencings show that ransomware criminals can operate anywhere, including right here in the United States, and that the FBI is actively working to track them down and dismantle their networks – wherever they exist,” said Assistant Director Brett Leatherman of the FBI’s Cyber Division. “Goldberg and Martin leveraged their technical skills and cyber security knowledge to extort millions from victims across the U.S., but the FBI’s global reach ensured that they ultimately faced justice. When Goldberg sought to flee abroad and escape prosecution, the FBI tracked him through 10 countries, demonstrating the lengths we will go to hold cyber criminals accountable and protect victims. The FBI thanks our DOJ partners for their help securing today’s outcome.”

Today’s announcement follows the Justice Department’s prior actions in December 2023 to disrupt ALPHV BlackCat ransomware, in which the FBI developed a decryption tool that allowed FBI field offices across the country and law enforcement partners around the world to offer hundreds of victims the capability of restoring their systems, saving victims approximately $99 million in ransom payments. At that time, the FBI also seized several websites operated by ALPHV BlackCat.

In December 2025, Goldberg and Martin each pleaded guilty to one count of conspiracy to obstruct, delay or affect commerce or the movement of any article or commodity in commerce by extortion. In April 2026, co-conspirator Angelo Martino also pleaded guilty to one count of conspiracy to obstruct, delay or affect commerce or the movement of any article or commodity in commerce by extortion. In addition to conspiring with Goldberg and Martin to attack victims with ransomware, Martino also abused his role as a negotiator for victims of ransomware by sharing confidential victim information with threat actors to increase the value of the ransom paid. His sentencing is set for July 9.

The FBI Miami Field Office is leading the investigation, with assistance provided by the U.S. Secret Service.

Trial Attorneys Christen Gallagher and Jorge Gonzalez of the Justice Department’s Computer Crime and Intellectual Property Section (CCIPS) and Assistant U.S. Attorneys Thomas Haggerty and Quinshawna Landon for the Southern District of Florida are prosecuting the case. Assistant U.S. Attorney Mitchell Hyman for the Southern District of Florida is handling asset forfeiture.

CCIPS investigates and prosecutes cybercrime in coordination with domestic and international law enforcement agencies, often with assistance from the private sector. Since 2020, CCIPS has secured the conviction of over 180 cybercriminals and court orders for the return of over $350 million in victim funds.

Significant assistance in this investigation was provided by Assistant U.S. Attorney Paul B. Morris for the Eastern District of Texas and Assistant U.S. Attorney Daniel W.A. Peach for the Middle District of Georgia. Additional assistance was provided by the Policía de Investigación of the Aeropuerto Internacional de la Ciudad de México.

Private sector organizations can report any suspicious activities and threats to the FBI’s National Threat Operations Center by calling 1-800-CALL-FBI (225-5324), visiting www.tips.fbi.gov or contacting their local FBI field office.

If you are a victim of ransomware, contact your local FBI field office or file a report at ic3.gov. If you have information about ALPHV BlackCat, their affiliates or activities, you may be eligible for a reward through the Department of State’s Transnational Organized Crime Rewards program or Rewards for Justice program. Information can be submitted through the following Tor-based tip line (Tor browser required): he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onion.
