U.S. federal prosecutors have charged three individuals with orchestrating a series of ransomware attacks using the BlackCat, also known as ALPHV strain, against various American companies between May and November 2023. The defendants, identified as Ryan Clifford Goldberg, Kevin Tyler Martin, and an unnamed co-conspirator referred to as “Co-Conspirator 1”-are all U.S. nationals based in Florida. According to court filings, the three targeted five organizations: a medical device company in Tampa, a pharmaceutical firm in Maryland, a California-based doctor’s office, an engineering company in California, and a drone manufacturer in Virginia.
The indictment, first reported by The Chicago Sun-Times, details how Martin and the unnamed accomplice worked as ransomware negotiators for DigitalMint, while Goldberg was an incident response manager for Sygnia, a cybersecurity firm. Both firms have confirmed their cooperation with law enforcement and the individuals are no longer employed.
The indictment accuses the defendants of conspiring to hack into corporate systems, propagate the BlackCat ransomware, exfiltrate data, and extort cryptocurrency in exchange for a decryption key. The victim organizations were threatened with ransoms between $300,000 to $10 million, authorities say; one of them, the Tampa-based medical device manufacturer, has reportedly paid about $1.27 million in virtual currency.
According to court documents, Goldberg admitted to the FBI that he was recruited by the unnamed co-conspirator to “try and ransom some companies” in an attempt to resolve personal debt. Martin, however, has pleaded not guilty. The third suspect remains unindicted.
Goldberg and Martin were indicted on multiple federal charges, including conspiracy to commit extortion and intentional damage to protected computers, which carry prison sentences of up to 50 years if convicted.
Caught feelings for cybersecurity? It’s okay, it happens. Follow us on LinkedIn and Instagram to keep the spark alive.
