US prosecutors target trio for helping ALPHV BlackCat hackers extort businesses

Three American cybersecurity professionals have been accused of collaborating with ALPHV BlackCat hacker group, one of the world’s most notorious ransomware gangs, to extort millions of dollars from US businesses in cryptocurrency.

Federal prosecutors in Miami lodged legal complaints against one unmentioned co-conspirator and two named defendants by the names Ryan Clifford Goldberg and Kevin Tyler Martin, claiming they secretly worked with the ALPHV BlackCat hacker collective. 

The accused are facing allegations of infiltrating corporate computer systems, encrypting networks, and demanding ransom payments from victims in several US states.

BlackCat hackers disguised themselves as legitimate cybersecurity workers

According to an indictment filed on October 2 in a Miami federal court, Goldberg, Martin, and a third unnamed conspirator operated as ransomware hackers while holding legitimate jobs in the cybersecurity industry.

34-year-old Goldberg was director of incident response at Sygnia Consulting Ltd., an Israel-based cybersecurity firm, while Martin held a ransomware negotiator position at Chicago-based crypto payment firm DigitalMint.

In the court filing that officially accused the trio, prosecutors surmised that beginning in May 2023, they used insider knowledge to launch their own ransomware campaigns using malicious software ALPHV BlackCat.

The former cybersecurity professionals allegedly hit at least five US companies, including a medical device manufacturer in Tampa, a pharmaceutical firm in Maryland, a drone maker in Virginia, an engineering company, and a doctor’s office, both in California.

The prosecution mentioned one instance where the defendants received nearly $1.3 million worth of crypto in ransom from the Tampa-based medical device company. The payment was later shared with the developers of an “as-a-service” ALPHV ransomware.

As reported by Cryptopolitan, ALPHV, also known as BlackCat, has been deployed in hundreds of attacks worldwide, including against universities, hospitals, law firms, and financial institutions. In the Southern District of Florida alone, authorities say there were more than 20 victims of ALPHV BlackCat-related extortion attempts.

The criminal network gained notoriety in 2024 after the UnitedHealth gang’s subsidiary Change Healthcare hack. It compromised the personal information of about 190 million people and resulted in a ransom payment of $22 million, making it the biggest breach of healthcare records ever recorded.

Federal prosecutors: Cybersecurity used inside information in extortion

Per court documents citing Goldberg’s capacity in the legal charges, Sygnia’s director of incident response was responsible for helping clients recover from security breaches. The federal attorneys claim that it was enough to give him deep knowledge of ransomware behavior, which he could have used to extort victims. 

The accusations also mentioned Martin’s position at DigitalMint as a ransomware negotiator, which helped him work directly with victims and coordinate crypto transfers to hackers to restore access to encrypted networks.

The two men allegedly used their insider experience to identify weak targets and execute their own ransomware deployments. Per the indictment, a third person, known also as a ransomware negotiator at DigitalMint, participated in the scheme but was not charged, and their identity was undisclosed.

Both Sygnia and DigitalMint have confirmed that their former employees are implicated in the federal case, but insisted that neither company was aware of, or involved in, any criminal activity.

In an emailed statement, DigitalMint President Marc Jason Grens said Martin’s conduct was “completely outside the scope of his employment.” He added that the third person identified by prosecutors “may have also been a company employee,” although “the indictment doesn’t accuse DigitalMint of having any knowledge of or involvement in the criminal activity.”

Grens clarified that DigitalMint “is not a target of the investigation” and is cooperating fully with federal authorities.

“No client data was accessed or compromised as part of the charged conduct, and none of the individuals connected to the scheme has worked at the company in over four months,” he concluded.

Goldberg is currently being held in a federal detention facility in Florida, and his attorney, public defender MaeAnn Renee Dunker, declined to comment on the case or reveal if her client has entered a plea deal.

Want your project in front of crypto’s top minds? Feature it in our next industry report, where data meets impact.