Three men who worked in the cybersecurity industry pleaded guilty to charges related to ransomware attacks they launched with the help of ALPHV BlackCat in 2023.
Ryan Goldberg, 40, of Georgia, Kevin Martin, 36, of Texas, and an unnamed co-conspirator were accused of deploying the ALPHV BlackCat ransomware, deploying it against several victims in the United States, and agreeing to pay the ALPHV BlackCat administrators a 20% share of any ransoms they received, the Justice Department said in a Tuesday (Dec. 30) press release.
They extorted one victim for $1.2 million in bitcoin, according to the release.
The defendants are scheduled to be sentenced on March 12, 2026, the release said. They face a maximum penalty of 20 years in prison.
“These defendants used their sophisticated cybersecurity training and experience to commit ransomware attacks — the very type of crime that they should have been working to stop,” A. Tysen Duva, assistant attorney general of the Justice Department’s Criminal Division, said in the release.
Jason A. Reding Quïñones, U.S. attorney for the Southern District of Florida, said in the release: “Ransomware is not just a foreign threat — it can come from inside our own borders.”
Brett Skiles, special agent in charge of the FBI Miami Field Office, said in the release: “We strongly encourage businesses to exercise due diligence when engaging third parties for ransomware incident response, report suspicious or unethical behavior, and to expeditiously report any ransomware attack to the FBI and our law enforcement partners to safeguard their security and privacy.”
The ALPHV BlackCat ransomware group was disrupted by U.S. law enforcement in December 2023.
The Treasury Department’s Financial Crimes Enforcement Network (FinCEN) said Dec. 4 that the disruptions of ALPHV BlackCat and another high-profile ransomware group, LockBit, contributed to a drop in reported ransomware incidents and payments in 2024.
Reported ransomware incidents and payments had reached an all-time high in 2023.
The cyberattacks attributed to ALPHV BlackCat include the February 2024 attack on Change Healthcare that resulted in the theft of 6 terabytes worth of protected health information (PHI) and personally identifiable information (PII). The ransomware gang also encrypted Change Healthcare’s servers and demanded a $22 million ransom for access, which UnitedHealth Group paid.
