Two cybersecurity professionals from the United States are facing four-year prison sentences for their participation in a series of extortion attacks that undermined the very industry they were trained to protect. Ryan Goldberg, 40, and Kevin Martin, 36, were sentenced on April 30, 2026, following their involvement with the ALPHV hacking group, also known as BlackCat.
This sentencing comes in the wake of a December 2025 report from Hackread.com, which highlighted how the duo leveraged their advanced technical skills to assist in cybercriminal activities instead of defending businesses against threats.
Professionals Turned Criminals
According to a press release from the U.S. Department of Justice, both Goldberg and Martin operated as affiliates of ALPHV throughout 2023. Goldberg’s role was that of an incident response manager, while Martin served as a ransomware negotiator. Rather than aiding businesses in threat recovery, they utilized a ransomware-as-a-service (RaaS) model to target those same entities.
By employing the BlackCat group’s platform, they encrypted crucial company files and agreed to share 20% of any extorted funds with the malware developers. In their campaign, they attacked over 1,000 victims across the globe, including engineering firms and healthcare institutions. Their methods were aggressive; in one instance, they disseminated sensitive patient information to coerce a medical office into payment.
A third individual, Angelo Martino, has pleaded guilty for aiding the hackers by sharing sensitive negotiation information, effectively increasing the ransom demands. Martino, 41, is currently awaiting sentencing, scheduled for July 9.
Disruption of Cybercriminal Activities
Goldberg and Martin managed to generate approximately $1.2 million in Bitcoin from a single victim, but their illicit activities came to an end when the FBI dismantled the BlackCat network in late 2023. Law enforcement officials developed a tool that enabled hundreds of victims to regain access to their data without paying the ransoms, thus thwarting around $99 million in potential profits for the criminals.
Goldberg briefly evaded capture by traveling through ten different countries after becoming aware of ongoing surveillance. However, he was eventually apprehended in Mexico City and returned to the United States. The Department of Justice stated that the four-year sentences reflect the harm caused by their actions and the perversion of their technical expertise into malicious activities for personal gain.
Employing tactics associated with the MITRE ATT&CK framework, including initial access and privilege escalation, the accused exploited their insider knowledge to execute their schemes, raising concerns about the trustworthiness of cybersecurity professionals. The overarching impact serves as a stark reminder of the potential for betrayal in this increasingly vulnerable digital landscape.