Ryan Clifford Goldberg and Kevin Tyler Martin: former responders turned offenders
Ryan Clifford Goldberg and Kevin Tyler Martin — both former cybersecurity professionals — were each sentenced to four years in prison, the Justice Department announced. The two had pleaded guilty in December to one of three charges brought against them and faced statutory maximums of up to 20 years on those counts. Goldberg was a manager of incident response at Sygnia, and Martin was a ransomware negotiator at DigitalMint when they collaborated with Angelo John Martino III to deploy ALPHV, also known as BlackCat, ransomware and seek extortion payments.
ALPHV/BlackCat ransomware and negotiation abuses
The attacks used ALPHV/BlackCat ransomware to lock victim systems, steal data, and pressure organizations for payment. A. Tysen Duva, assistant attorney general of the Justice Department’s criminal division, said the defendants used “high-level cyber skills to feed their greed.” The case also highlighted abuses tied to ransomware negotiation as a practice: Martino, who worked as a ransomware negotiator, allegedly exploited that rare role by sharing confidential information about victims’ internal negotiating positions and insurance limits to maximize ransom extractions.
Victims and the scale of the extortion
Between March and September 2023 the defendants participated in attacks that targeted a range of U.S. businesses. Victims identified by the Justice Department include a medical company based in Florida, a pharmaceutical company in Maryland, a California doctor’s office (which suffered a patient data leak), an engineering company in California, and a drone manufacturer in Virginia. Goldberg, Martin and Martino extorted a $1.3 million ransom payment from the Florida medical company in May 2023; their other attempts did not yield payments. By contrast, Martino’s broader scheme—working with accomplices—resulted in combined ransom payments of $75.3 million to those affiliates, according to the Justice Department.
Law enforcement tracing, arrests, and corporate responses
The enforcement arc was uneven. Martin was arrested without incident in October 2023 and released on bond later that month. Goldberg fled the country in June 2023, ten days after an FBI interview, and boarded a one-way flight to Paris from Atlanta on June 27; he remained in Europe until Sept. 21. When Goldberg flew from Amsterdam to Mexico City, he was arrested on arrival, deported to the United States, and ordered kept in custody pending trial due to flight risk. “When Goldberg sought to flee abroad and escape prosecution, the FBI tracked him through 10 countries, demonstrating the lengths we will go to hold cyber criminals accountable and protect victims,” Brett Leatherman, assistant director of the FBI’s Cyber Division, said in a statement.
Sygnia and DigitalMint are not accused of any knowledge or involvement in the crimes; both firms previously said they fired their former employees once federal authorities alerted them to the alleged conduct.
How technologists, insurers, and affected enterprises will watch the fallout
- Technologists and security teams will watch the ALPHV/BlackCat thread closely: the variant has been used in numerous health-care attacks since it first appeared in late 2021 and was linked by its operators to major incidents, including the February 2024 attack on Change Healthcare that resulted in a $22 million ransom and compromised data on about 190 million people.
- Insurers and negotiators will note the risks of insider abuse in negotiation roles: Martino’s case shows how access to victims’ negotiating positions and insurance limits can be abused to extract larger payments, a practice the Justice Department flagged when describing his guilty plea.
- Affected enterprises — particularly those in medical, pharmaceutical, and critical engineering fields — will take the sentencing as a reminder that attackers can include former trusted specialists, and that ransom outcomes can range from a single large payment (the $1.3 million extortion from the Florida medical company) to organized campaigns yielding multimillion-dollar takings for criminal networks.
Goldberg and Martin received identical prison terms despite different paths to arrest; their co-conspirator Angelo John Martino III has pleaded guilty to related charges and was released on a $500,000 bond after surrendering to the U.S. Marshals in Miami. Martino faces up to 20 years in federal prison and is scheduled for sentencing on July 9.
The case stitches together three durable threads: the criminal reuse of legitimate cybersecurity expertise, the operational reach and damage inflicted by ALPHV/BlackCat ransomware, and the intensifying focus by U.S. law enforcement on both the attackers and the opaque backchannel practices around ransom negotiation. For victims who lost data and for the negotiators and insurers who now find themselves in the crosshairs, the coming months — including Martino’s July 9 sentencing — will further define how the criminal and legal consequences of these practices are measured and enforced.
Original report: https://cyberscoop.com/incident-responders-ryan-goldberg-kevin-martin-sentenced-ransomware/




