Cybersecurity Professionals Charged for Deploying ALPHV BlackCat Ransomware Against US Companies

Two cybersecurity professionals have been federally charged for orchestrating a sophisticated ransomware campaign targeting multiple American businesses.

Ryan Clifford Goldberg, 28, of Watkinsville, Georgia, and Kevin Tyler Martin, 31, of Roanoke, Texas, face serious criminal charges related to their alleged deployment of the notorious ALPHV BlackCat ransomware against healthcare, pharmaceutical, manufacturing, and engineering firms across the United States.​

The indictment, filed in the U.S. District Court for the Southern District of Florida on October 2, 2025, reveals an organized criminal operation that generated millions in extortion payments between May 2023 and April 2025.

ALPHV/BlackCat emerged as one of the most destructive ransomware variants in late 2021. Attacking hundreds of institutions worldwide and causing tens of millions in cryptocurrency ransom payments, combined with massive operational disruptions.​

How the Attack Campaign Worked

According to federal prosecutors, the defendants and an unnamed co-conspirator followed a structured attack methodology that became characteristic of ALPHV BlackCat operations.

The scheme involved gaining unauthorized access to corporate networks, stealing sensitive data, deploying encryption malware, and then demanding substantial ransom payments.

The group exploited fear of financial loss and data exposure to coerce payments from victims who faced impossible choices between losing their data or paying cryptocurrency ransoms.​

The defendants allegedly infiltrated five major companies, causing documented damages exceeding $17.5 million in ransom demands.

Their victims included a Tampa-based medical device manufacturer from which they extorted approximately $10 million, a Maryland pharmaceutical company, a California doctor’s office, an engineering firm also in California, and a Virginia-based drone manufacturer.

Over twenty ALPHV BlackCat victims operated in Florida’s Southern District alone, highlighting the campaign’s regional concentration.​

The federal indictment charges include conspiracy to interfere with interstate commerce through extortion, interference with interstate commerce by extortion, and intentional damage to protected computers.

Prosecutors also seek compensation of all proceeds derived from the criminal conspiracy, meaning any cryptocurrency or assets purchased with ransom money become subject to government seizure.​

The charges underscore how cybersecurity expertise turned toward criminal purposes creates devastating consequences for legitimate businesses and their customers who depend on the continuity of services and data security.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.