Former ransomware negotiators allegedly targeted US firms with ALPHV/BlackCat ransomware

A ransomware negotiator and an incident response manager have been indicted in Florida for allegedly conspiring to deploy the ALPHV/BlackCat ransomware against multiple US companies and extorting nearly $1.3 million from one of the victims.

According to a federal grand jury indictment unsealed in the Southern District of Florida, Ryan Clifford Goldberg, of Watkinsville, Georgia, and Kevin Tyler Martin, of Roanoke, Texas, are charged with conspiracy to interfere with interstate commerce by extortion, interference with commerce by extortion, and intentional damage to a protected computer.

Chicago Sun Times reported that at the time of the alleged conspiracy, Goldberg was an incident response manager with Sygnia Cybersecurity Services, and Martin worked as a ransomware threat negotiator for DigitalMint, a crypto broker that helps victims negotiate ransom payments and pay ransoms in cryptocurrency.

A third person, from Land O’Lakes, Florida, was involved in the attacks, but has not been named. This individual also worked as a ransomware threat negotiator for DigitalMint.

Prosecutors allege that between May 2023 and April 2025, the threesome secretly partnered with the ALPHV/BlackCat ransomware group to infiltrate and extort at least five victim organizations.

The indictment describes attacks demanding multimillion-dollar ransoms, including one case where a Tampa-based medical device manufacturer paid roughly $1.27 million in cryptocurrency to regain access to its encrypted servers.

Other victims included companies in Maryland, California, and Virginia.

Law enforcement seized ALPHV/Blackcat leak sites and offered a decryptor to victims in late 2023, and the infamous ransomware-as-a-service outfit pulled an exit scam after the attack on US-based Change Healthcare.

Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here!