Ddos 
Two cybersecurity professionals have admitted to moonlighting as ransomware affiliates, utilizing the very skills designed to protect networks to instead lock them down and extort millions.
Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, entered guilty pleas in a federal district court in the Southern District of Florida. The charges relate to a conspiracy to commit extortion using the notorious ALPHV/BlackCat ransomware variant—a scourge that has targeted over 1,000 victims globally.
What sets this case apart from typical cybercrime indictments is the background of the perpetrators. Both men, along with a third co-conspirator, were employed in the cybersecurity industry. Rather than defending infrastructure, they weaponized their specialized knowledge for profit.
“These defendants used their sophisticated cybersecurity training and experience to commit ransomware attacks — the very type of crime that they should have been working to stop,” said Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division.
The case shatters the common misconception that ransomware is exclusively the domain of overseas syndicates operating from safe havens in Eastern Europe or Asia.
“Ransomware is not just a foreign threat — it can come from inside our own borders,” noted U.S. Attorney Jason A. Reding Quiñones. “Goldberg and Martin used trusted access and technical skill to extort American victims and profit from digital coercion.”
According to court documents, the pair operated as “affiliates” within the ALPHV BlackCat Ransomware-as-a-Service (RaaS) model between April and December 2023. In this ecosystem, developers create the malware and maintain the infrastructure, while affiliates like Goldberg and Martin identify targets, breach networks, and deploy the payload.
The financial arrangement was lucrative. The defendants agreed to a standard split: 20% of any ransom went to the BlackCat administrators, while they retained an 80% cut.
The scheme paid off significantly in at least one instance, where the group successfully extorted a victim for approximately $1.2 million in Bitcoin. The men subsequently split their share three ways and laundered the proceeds to obscure the paper trail.
In December 2023, the Justice Department announced a major disruption campaign against the gang, seizing several of their websites and releasing a decryption tool that saved victims an estimated $99 million in potential ransom payments.
Goldberg and Martin each pleaded guilty to one count of conspiracy to obstruct, delay, or affect commerce by extortion. They are scheduled for sentencing on March 12, 2026.
The transition from security defenders to convicted felons carries a steep price: both men face a maximum penalty of 20 years in prison.
Donate