The U.S. Department of Justice has announced the sentencing of two cybersecurity professionals, Ryan Goldberg from Georgia and Kevin Martin from Texas, to four years in federal prison each for their involvement in facilitating BlackCat ransomware attacks that occurred throughout 2023. Their actions targeted numerous victims across the United States during a period ranging from April to December 2023.
Both Goldberg and Martin, who pleaded guilty to their roles in December 2025, worked in conjunction with Angelo Martino from Florida. According to the Department of Justice, the trio conspired to deploy ransomware by offering a 20% cut of any ransoms to the BlackCat administrators in return for access to its extortion platform and ransomware tools.
These individuals, who were professionals in the cybersecurity field, had the expertise necessary to protect systems yet chose to exploit this knowledge for nefarious purposes. The Department of Justice highlighted that their actions directly contradicted their professional responsibilities in safeguarding digital systems.
In one notable incident, the group successfully extorted approximately $1.2 million in Bitcoin from a victim before laundering the proceeds to obfuscate their actions. This case underscores the significant financial motivations behind such cyberattacks and the potential for widespread damage to businesses.
While the BlackCat ransomware-as-a-service (RaaS) model has since been dismantled, it reportedly targeted over 1,000 networks worldwide, indicating the scale and impact of the attacks. These targeted organizations faced severe disruptions and financial losses, raising concerns about cybersecurity measures in place across various industries.
Martino has also recently pleaded guilty to similar charges and is awaiting sentencing in July 2026. He is reported to have leveraged his position as a negotiator to maximize payouts by disclosing confidential insurance information to ransomware operators, further complicating the ethical breaches in this case.
Both Martino and Martin were affiliated with DigitalMint, while Goldberg held a position as an incident response manager at Sygnia. U.S. Attorney Jason A. Reding Quiñones for the Southern District of Florida remarked on the exploitation of specialized cybersecurity knowledge that these individuals engaged in, emphasizing the serious implications for businesses and national security.
The tactics employed by the defendants align with several adversary techniques outlined in the MITRE ATT&CK framework. These include initial access methods such as phishing or exploitation of vulnerabilities, persistence techniques to ensure continued access to victim systems, and privilege escalation to gain higher levels of control over compromised networks. Their actions reflect a well-coordinated strategy, showcasing the sophisticated nature of modern cybercriminal organizations.