Lunedi 06 Luglio 2026 16:47:52 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContatti
ItalianoEnglishArabic

Ransomware & Extortion

Guardians Gone Rogue: Cybersecurity Pros Jailed for Orchestrating BlackCat Attacks

Published: 01 May 2026 15:04Category: Ransomware & ExtortionGeo: North AmericaAuthor: TRUSTBREAKER

Subtitle: Two respected security experts used their insider skills to unleash ransomware havoc, landing four-year prison terms.

In a shocking twist that has rocked the cybersecurity world, two seasoned professionals-once trusted to defend digital fortresses-have instead been exposed as masterminds behind a wave of BlackCat ransomware attacks. Ryan Goldberg and Kevin Martin, hailed as protectors of networks, are now convicted felons, sentenced to four years each for turning their expertise against the very systems they were hired to protect.

Fast Facts

  • Ryan Goldberg (Georgia) and Kevin Martin (Texas) sentenced to 4 years for BlackCat ransomware attacks.
  • The duo, along with a third conspirator, targeted U.S. victims between April and December 2023.
  • They received 80% of ransoms, paying 20% to BlackCat administrators for use of the ransomware platform.
  • One victim paid $1.2 million in Bitcoin; funds were laundered to hide the crime.
  • All perpetrators were employed in the cybersecurity industry, exploiting their skills for criminal gain.

The Department of Justice’s announcement sent ripples through the tech industry: Goldberg, once an incident response manager at Sygnia, and Martin, a DigitalMint employee, weren’t just defending clients-they were orchestrating cyber extortion. Working alongside Angelo Martino, who awaits sentencing, the trio deployed the notorious BlackCat (also known as ALPHV) ransomware against organizations across the country. Their inside knowledge of digital defenses became a weapon, not a shield.

Their crimes were both technical and calculated. By leveraging their expertise, the group infiltrated networks, encrypted critical data, and demanded payment for its release. They cut a deal with BlackCat’s operators-paying a 20% “fee” for access to the ransomware platform and extortion tools. The remaining 80% of each ransom, often paid in cryptocurrency, was split among themselves and laundered through digital channels to evade detection.

One particularly brazen attack netted the group $1.2 million in Bitcoin. Martino, acting as a negotiator, used privileged information about victims’ insurance policies to increase payouts, betraying the trust of those he was supposed to help. The group’s actions exemplified a disturbing trend: the insider threat, where those entrusted with security become the threat itself.

BlackCat’s ransomware-as-a-service model enabled even seasoned professionals to cross ethical lines, providing a turnkey criminal enterprise for those willing to pay. While the BlackCat group itself has reportedly disbanded, its legacy persists, with over 1,000 victims worldwide left to count the cost of compromised trust and stolen data.

The conviction of Goldberg and Martin serves as a stark reminder: in the digital age, the line between guardian and intruder can vanish in an instant. As businesses reassess who they trust with their most sensitive systems, the case underscores the urgent need for vigilance-not just against external hackers, but against those who know the defenses best.

WIKICROOK

  • Ransomware: Ransomware is malicious software that encrypts or locks data, demanding payment from victims to restore access to their files or systems.
  • Ransomware: Ransomware is malicious software that encrypts or locks data, demanding payment from victims to restore access to their files or systems.
  • Incident Response: Incident response is the structured process organizations use to detect, contain, and recover from cyberattacks or security breaches, minimizing damage and downtime.
  • Extortion Platform: An extortion platform is a website where hackers post stolen data to pressure victims into paying a ransom, increasing the impact of cyberattacks.
  • Insider Threat: An insider threat is when someone within an organization misuses their access to systems or data, intentionally or accidentally causing harm.