"These defendants exploited specialized cybersecurity knowledge not to protect victims, but to extort them," said U.S. Attorney Jason A. Reding Quiñones for the Southern District of Florida.
Sentencing of Ryan Goldberg and Kevin Martin
The U.S. Department of Justice announced that Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, were each sentenced to four years in prison for their roles facilitating ALPHV/BlackCat ransomware attacks carried out in 2023. According to the DoJ, the two defendants deployed the ransomware against multiple victims located throughout the United States between April and December 2023. The pair pleaded guilty in December 2025 to charges tied to those attacks, and the DoJ's announcement came this week.
Role of Angelo Martino and the plea timeline
The DoJ says Goldberg and Martin conspired with Angelo Martino, 41, of Florida, in the scheme. The development came a week after Martino pleaded guilty to related charges; he is scheduled to be sentenced in July 2026. The DoJ further alleges that Martino abused his role as a negotiator during negotiations with victims by sharing confidential information about victims' insurance policy limits with the ALPHV/BlackCat operators to extract higher payouts.
How ALPHV/BlackCat RaaS was monetized
The three men are accused of using the ALPHV/BlackCat ransomware-as-a-service platform as part of a revenue-sharing arrangement. "The three men agreed to pay the ALPHV BlackCat administrators a 20% share of any ransoms received in exchange for access to the ransomware and ALPHV/BlackCat's extortion platform," the DoJ said. Although the ALPHV/BlackCat RaaS scheme no longer exists, the group is estimated to have targeted the computer networks of more than 1,000 victims around the world.
The $1.2 million Bitcoin payout and laundering
In at least one case cited by prosecutors, the defendants successfully extorted a victim for approximately $1.2 million in Bitcoin. The DoJ alleges the defendants kept an 80% share of that payment, splitting it three ways, and then laundered the funds to conceal their tracks. Prosecutors said the conspirators used ransomware to lock down critical systems, steal sensitive data, and pressure American businesses into paying to regain access to their own information.
What this means for cybersecurity professionals, insurers, and victims
- Cybersecurity professionals and security teams: The DoJ statement highlights a risk when individuals with incident response and negotiation skills turn those capabilities toward extortion. Two of the defendants worked for named firms — Martino and Martin at DigitalMint, and Goldberg as an incident response manager for Sygnia — a fact the DoJ cited in describing the defendants' "special skills and experience."
- Insurers and negotiators: Prosecutors allege that Martino shared confidential details about victims' insurance policy limits with the BlackCat operators to secure larger payouts. That claim signals particular vulnerability when confidential policy information is exposed during breach negotiations.
- Affected enterprises and victims: One documented case resulted in roughly $1.2 million in Bitcoin paid under duress and then laundered. Victim organizations targeted by ALPHV/BlackCat faced not only operational disruption but also data theft and the difficult process of negotiating under pressure.
The sentences handed down to Goldberg and Martin, and the upcoming sentencing for Martino in July 2026, close one chapter in prosecutions tied to ALPHV/BlackCat. They also underline a hard question the DoJ put plainly: when people with specialized cybersecurity expertise use their knowledge to facilitate extortion, the harms are both technical and ethical. The record in this case — a sizable cryptocurrency payout, alleged abuse of a negotiation role, and laundering to hide proceeds — will be part of the court files and the public reckoning as sentencing proceeds.




