Monday 06 July 2026 14:28:59 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

Ransomware & Extortion

Guardians Turned Grifters: US Cybersecurity Pros Jailed for Double-Crossing Companies with Ransomware

Published: 01 May 2026 15:01Category: Ransomware & ExtortionGeo: North AmericaAuthor: TRUSTBREAKER

Trusted defenders exploited their inside knowledge to orchestrate devastating ransomware attacks, pocketing millions before being unmasked.

They were supposed to be the digital world’s frontline defenders-experts paid to protect companies from cyber extortionists. Instead, Ryan Goldberg, Kevin Martin, and Angelo Martino crossed to the dark side, weaponizing their privileged access and technical know-how to unleash the very ransomware attacks they were hired to stop. Their betrayal has sent shockwaves through the cybersecurity community, serving as a chilling reminder that sometimes the threat comes from within.

Fast Facts

  • Ryan Goldberg (Georgia) and Kevin Martin (Texas) sentenced to 4 years in prison for ransomware-related crimes.
  • Both worked as ransomware negotiators before orchestrating attacks using BlackCat/Alphv ransomware.
  • Third conspirator, Angelo Martino (Florida), has pleaded guilty and awaits sentencing on July 9.
  • The trio laundered millions, receiving 80% of ransom payments and funnelling 20% to ransomware administrators.
  • Over 1,000 organizations were targeted by BlackCat between late 2021 and late 2023.

From Negotiators to Perpetrators

The story reads like a cyber-thriller gone wrong. Goldberg, Martin, and Martino were all employed at reputable cybersecurity firms, with two specializing in ransomware negotiations-helping victims communicate with hackers and, ideally, minimize ransom payments. But sometime in late 2021, greed eclipsed ethics. The trio began deploying BlackCat (also known as Alphv), a notorious ransomware strain, against unsuspecting companies. Their insider expertise allowed them to select lucrative targets and orchestrate sophisticated attacks, often exploiting the same weaknesses they were paid to identify and fix.

After infecting networks and encrypting essential data, they demanded massive ransoms. In one case, they extracted $1.2 million from a single victim. The operation was chillingly efficient: 20% of each ransom was kicked back to the BlackCat group’s core operators, while the remaining 80% was laundered through a web of digital transactions designed to evade detection.

Authorities say more than 1,000 organizations fell victim to BlackCat’s rampage before law enforcement disrupted the operation in late 2023. The group’s notoriety peaked when it allegedly received a $22 million payout, only to vanish in an “exit scam”-leaving both victims and lower-tier criminals empty-handed.

Trust Undermined

The fallout is profound. Not only have the three men been stripped of their freedom, but their actions have eroded trust in cybersecurity professionals-especially those tasked with negotiating on behalf of ransomware victims. The US government, meanwhile, continues to hunt for key BlackCat operatives, offering up to $10 million for actionable information. As Martino awaits sentencing, the industry is left to confront uncomfortable questions about oversight, ethics, and the potential for insider betrayal in an age of digital extortion.

WIKICROOK

  • Ransomware: Malicious software that encrypts a victim’s data, demanding payment for its release.
  • Ransomware Negotiator: A professional who communicates with cybercriminals on behalf of victims to reduce ransom demands and facilitate recovery.
  • BlackCat/Alphv: A sophisticated ransomware strain known for targeting large organizations and demanding high ransoms.
  • Exit Scam: When criminals abruptly disappear with collected funds, abandoning both victims and accomplices.
  • Launder: The process of disguising the origins of illegally obtained money, typically through complex transactions.