Two cybersecurity professionals from the United States have pleaded guilty to charges related to their role in BlackCat/Alphv ransomware attacks, the Justice Department announced this week.
Three individuals were charged in October for allegedly conducting ransomware attacks against several US-based companies. Two of the suspects, 36-year-old Kevin Martin from Texas and an unnamed individual, were employed as ransomware negotiators at threat intelligence and incident response firm DigitalMint.
The third suspect, 40-year-old Ryan Goldberg from Georgia, worked as an incident response manager at cybersecurity company Sygnia.
The three are accused of hacking into the systems of several companies, stealing valuable information, and deploying BlackCat ransomware.
Based on the Justice Department’s description of the scheme, the suspects were BlackCat ransomware affiliates, paying 20% of the ransoms they received from victims to the administrators of the ransomware operation in exchange for access to the file-encrypting malware and a platform designed for managing extortions.
According to the DOJ, the three men received a ransom of $1.2 million in Bitcoin from one victim.
Goldberg and Martin have each pleaded guilty to conspiracy to commit extortion for their roles in crippling business operations through the use of ransomware. They face up to 20 years in prison, with sentencing scheduled for March 12, 2026.
More than 1,000 organizations were targeted in the BlackCat ransomware operation between November 2021 and December 2023, when the cybercrime enterprise was disrupted as part of a law enforcement action. The cybercriminals continued to operate for a few more months until they received a $22 million ransom from Change Healthcare, and they pulled an exit scam.
The United States has been offering a $10 million reward since early 2024 for information on key members of the BlackCat ransomware group, but no charges have been announced to date.
The announcement of the Goldberg and Martin guilty pleas came just days after Ukrainian national Artem Stryzhak pleaded guilty in a US court to charges related to his role as a Nefilim ransomware affiliate.
Related: Ransomware Payments Surpassed $4.5 Billion: US Treasury
Related: Feds Seize Password Database Used in Massive Bank Account Takeover Scheme
