VYPR
breachPublished May 4, 2026· Updated May 17, 2026· 1 source

Cybersecurity Professionals Sentenced for Facilitating BlackCat Ransomware Attacks

Two cybersecurity professionals have been sentenced to four years in prison for their roles as affiliates in the ALPHV/BlackCat ransomware operation, having extorted over $1 million from victims.

Two American cybersecurity professionals, Ryan Goldberg and Kevin Martin, have been sentenced to four years in federal prison for their roles as affiliates in the ALPHV/BlackCat ransomware operation. The pair pleaded guilty in December 2025 to one count of conspiracy to obstruct, delay, or affect commerce by extortion, marking a significant legal outcome in the ongoing crackdown against the notorious ransomware-as-a-service (RaaS) group Help Net Security.

According to court documents, Goldberg and Martin, alongside co-conspirator Angelo Martino, actively deployed ALPHV/BlackCat ransomware against multiple U.S.-based targets between April and December 2023. Operating under the RaaS model, the defendants utilized the group's infrastructure and malware in exchange for a 20% cut of the illicit proceeds paid to the gang's administrators. In one specific instance, the group successfully extorted approximately $1.2 million in Bitcoin from a victim, which the defendants subsequently split and laundered Help Net Security.

The ALPHV/BlackCat collective, which has targeted over 1,000 organizations globally, relies on a structured hierarchy where developers maintain the malware and extortion platforms while affiliates like Goldberg and Martin handle target selection and execution. The third co-conspirator, Angelo Martino, served as a ransomware negotiator and was found to have leaked confidential victim information to threat actors to artificially inflate ransom demands. Martino pleaded guilty in April 2026 and is currently awaiting sentencing, which is scheduled for July 9 Help Net Security.

The sentencing highlights the Justice Department's broader efforts to dismantle the ALPHV/BlackCat ecosystem. These efforts previously included a major operation in December 2023, during which the FBI developed a decryption tool that enabled victims to recover their systems without paying ransoms, saving an estimated $99 million. During that same operation, the FBI seized several websites operated by the ransomware group Help Net Security.

The investigation into the defendants was extensive, with the FBI tracking Goldberg through 10 different countries as he attempted to flee abroad to avoid prosecution. U.S. Attorney Jason A. Reding Quiñones emphasized that the defendants intentionally weaponized their specialized cybersecurity knowledge to lock down critical systems and steal sensitive data from American businesses Help Net Security.

This case underscores the persistent threat posed by insiders and security professionals who pivot to cybercrime. By leveraging their technical expertise to facilitate large-scale extortion, these individuals demonstrate the evolving nature of the RaaS threat landscape. The successful prosecution serves as a warning that federal authorities are increasingly capable of tracking and holding accountable those who operate within the shadows of the global ransomware economy Help Net Security.

Synthesized by Vypr AI