US Cyber Pros Plead Guilty Over BlackCat Ransomware Activity

Steven

US Cyber Pros Plead Guilty Over BlackCat Ransomware Activity

Summary

Two US-based cybersecurity professionals — Ryan Goldberg (formerly of Sygnia) and Kevin Martin (formerly of DigitalMint) — pleaded guilty to participating as affiliates of the ALPHV/BlackCat ransomware operation between April and December 2023. A federal court in Florida accepted their pleas on 29 December 2025; they admitted to deploying BlackCat ransomware against multiple US victims, extorting roughly $1.2 million in Bitcoin from one victim, and laundering their share of proceeds. The pair (and an unnamed third co-conspirator) acted as affiliates who paid a 20% cut to ALPHV administrators in exchange for use of the gang’s ransomware and infrastructure.

Both former employers have distanced themselves from the defendants, saying the individuals acted outside the scope of employment and that clients were not affected. Goldberg and Martin each pled guilty to one count of conspiracy to obstruct, delay or affect commerce by extortion and face sentencing on 12 March, with a potential maximum penalty of 20 years’ imprisonment.

Key Points

  • Two US cybersecurity professionals pleaded guilty to serving as ALPHV/BlackCat affiliates during 2023.
  • Defendants: Ryan Goldberg (formerly Sygnia) and Kevin Martin (formerly DigitalMint); a third unnamed co-conspirator is also implicated.
  • They deployed BlackCat ransomware against multiple US victims and extorted about $1.2 million in Bitcoin from at least one victim.
  • Affiliates paid a 20% fee to ALPHV administrators; the defendants split their 80% share of ransom proceeds and laundered funds.
  • Both pleaded guilty to conspiracy to commit extortion-related offences and face up to 20 years in prison; sentencing is set for 12 March.
  • Employers say the misconduct was unauthorised, they cooperated with law enforcement, and clients were not affected.

Context and Relevance

This case underscores two worrying trends: first, the persistent profitability and operational reach of RaaS groups like ALPHV/BlackCat even after major disruptions; second, the insider and insider-adjacent risk posed when skilled security professionals go rogue. For organisations, it’s a reminder that technical skill alone isn’t a safeguard — background checks, separation of duties, strong audit trails and continuous monitoring matter.

Law enforcement activity continues worldwide, with other recent guilty pleas and takedowns showing an ongoing effort to disrupt ransomware ecosystems. Still, splinter groups and affiliates can reconstitute operations quickly, making prevention and resilience critical.

Why should I read this?

Short version: two ex-security pros joined BlackCat and got caught — and that should worry anyone who hires, manages or defends IT teams. It’s a neat case study in how RaaS works, why insider risk matters, and what happens when high-skill people cross the line. Read it if you care about hiring, incident response or preventing costly ransomware hits.

Source

Source: https://www.darkreading.com/cyber-risk/us-cyber-pros-plead-guilty-over-ransomware-activity