Cybersecurity

Cyber Insiders Jailed 4 Years for BlackCat Ransomware Attacks

By Sentinel News Editorial Team

May 01, 2026 Source: Bleepingcomputer 5 views

Two former employees of cybersecurity incident response firms have been sentenced to four years in prison each for orchestrating BlackCat (ALPHV) ransomware attacks against U.S. companies. Leveraging their specialized knowledge, these individuals acted as affiliates, exploiting multiple victims including a drone manufacturer and a medical device firm. This case brings to light a critical insider threat within the industry tasked with digital defense.

Former Sygnia incident response manager Ryan Clifford Goldberg and DigitalMint negotiator Kevin Tyler Martin received four-year prison sentences.
The pair acted as BlackCat (ALPHV) ransomware affiliates between May and November 2023, breaching multiple U.S. companies.
Victims included a Virginia drone manufacturer and a Tampa medical device company, which paid a $1.27 million ransom.

Intelligence briefing: Why this matters: This case underscores the severe insider threat risk within the cybersecurity industry itself, demanding heightened vetting and internal controls for professionals handling critical incident response.

Two former employees of cybersecurity incident response companies Sygnia and DigitalMint were sentenced to four years in prison each for targeting U.S. companies in BlackCat (ALPHV) ransomware attacks.

40-year-old Ryan Clifford Goldberg (a former Sygnia incident response manager) and 36-year-old Kevin Tyler Martin (a DigitalMint ransomware negotiator) were charged in November and pleaded guilty in December to conspiracy to obstruct commerce by extortion.

Together with 41-year-old Angelo Martino, a third accomplice who also pleaded guilty in April, the two acted as BlackCat ransomware affiliates between May 2023 and November 2023, breaching the networks of multiple victims across the United States.

According to court documents, they paid a 20% share of ransoms in exchange for access to BlackCat's ransomware and extortion platform.

The list of victims includes a Maryland pharmaceutical company, a Tampa medical device manufacturer, a California engineering firm, a Virginia drone manufacturer, and a California doctor's office.

Prosecutors said the Tampa medical device company paid $1.27 million after its servers were encrypted and it received a $10 million ransom demand in May 2023, with the payment laundered and split three ways with Martino.

While other companies whose networks were breached by Goldberg and Martin also received ransom demands ranging from $300,000 to $10 million, the indictment does not indicate whether they received any additional payments.

"These defendants exploited specialized cybersecurity knowledge not to protect victims, but to extort them," said U.S. Attorney Jason A. Reding Quiñones on Thursday. "They used ransomware to lock down critical systems, steal sensitive data, and pressure American businesses into paying to regain access to their own information."

"We strongly condemn these former employees' criminal behavior, which violated our values, ethical standards, and the law. When we learned about the conduct, we immediately terminated both individuals," DigitalMint CEO Jonathan Solomon also told BleepingComputer earlier this month after Martino pleaded guilty.

The FBI ly linked the BlackCat ransomware gang to more than 60 breaches between November 2021 and March 2022.

Analysis

This incident critically erodes trust in the very firms tasked with defending against cyber threats, revealing how specialized knowledge can be weaponized from within. For defense and cybersecurity professionals, it highlights the paramount importance of robust internal security protocols and continuous monitoring, even for trusted employees. The use of sophisticated ransomware platforms by insiders blurs the lines between external adversaries and internal betrayal, complicating threat detection and response strategies and emphasizing the need for 'zero trust' principles applied to human capital.

ransomwareblackcatalphvinsider threatcybercrimesentencingcybersecurity

Original reporting: https://www.bleepingcomputer.com/news/security/us-ransomware-negotiators-get-4-years-in-prison-over-blackcat-attacks/