Two US-based cybersecurity professionals have been sentenced to prison after admitting their role in a series of ransomware attacks linked to the ALPHV/BlackCat cybercrime group, in a case that highlights insider threats within the security industry.
According to the US Department of Justice, the two individuals were each sentenced to four years in prison for participating in ransomware operations targeting multiple organizations in 2023.
The defendants were identified as former incident response specialist Ryan Goldberg and ransomware negotiator Kevin Martin, who previously worked in roles designed to help organizations respond to cyberattacks. Prosecutors said they instead used their expertise to carry out attacks and extort victims.
Court documents show the pair collaborated with at least one additional accomplice to deploy ALPHV/BlackCat ransomware against several US-based companies. In one case, they extorted approximately $1.2 million in cryptocurrency from a single victim.
The attackers operated as affiliates of the ALPHV/BlackCat ransomware group, which runs a ransomware-as-a-service model. This structure allows affiliates to carry out intrusions and share a portion of ransom payments with the core operators.
Investigators found that the defendants’ actions involved a significant conflict of interest. In some instances, they allegedly attacked organizations and later participated in response or negotiation processes tied to the same incidents, effectively exploiting insider knowledge to increase ransom pressure.
Authorities emphasized that the case represents a serious breach of trust within the cybersecurity industry. Officials noted that the defendants leveraged professional access and technical expertise to conduct financially motivated attacks instead of helping organizations respond to them.
The broader investigation also involves a third individual who has pleaded guilty and is awaiting sentencing. Prosecutors allege the group collectively carried out multiple attacks across sectors, including healthcare and technology, generating significant illicit profits.
The ALPHV/BlackCat group, active since 2021, has been linked to numerous high-profile ransomware incidents worldwide and is known for its use of data exfiltration and extortion tactics.
The sentencing underscores increasing law enforcement focus on individuals operating within ransomware ecosystems, particularly those abusing legitimate cybersecurity roles to facilitate attacks.
