Cybersecurity Pros Accused Of Launching ALPHV BlackCat Ransomware Attacks On U.S. Businesses

Two self-proclaimed experts in digital defense stand accused of orchestrating some of the most devastating ransomware assaults on American companies.

Federal prosecutors in the Southern District of Florida unsealed an indictment on October 3, 2025, charging Ryan Clifford Goldberg of Watkinsville, Georgia, and Kevin Tyler Martin of Roanoke, Texas, with deploying the notorious ALPHV BlackCat ransomware variant.

The duo, along with an unnamed co-conspirator from Florida, allegedly targeted critical sectors from May 2023 to April 2025, extorting millions in cryptocurrency and causing widespread operational chaos.

The indictment paints a grim picture of betrayal from within. Goldberg and Martin, who positioned themselves as cybersecurity professionals, purportedly exploited their insider knowledge to breach networks of vulnerable businesses.

ALPHV BlackCat, emerging in late 2021, became a staple of cybercriminal arsenals, infecting hundreds of global entities.

In the U.S. alone, it struck over 20 victims in the Southern District of Florida, including universities, corporations, medical facilities, school districts, law firms, and financial institutions.

The attacks encrypted data, stole sensitive information, and demanded ransoms, leading to tens of millions in payments, disrupted operations, and massive data losses.

The Mechanics Of The Attacks

The scheme followed a classic ransomware playbook, amplified by the defendants’ technical savvy. As affiliates of ALPHV BlackCat’s developers, Goldberg, Martin, and their accomplice gained access to a dark web panel customized for their operations.

They infiltrated victims’ systems without authorization, exfiltrated proprietary data, and unleashed the malware to lock files.

Ransom notes directed companies to negotiate on the dark web, with payments funneled through Bitcoin or Monero addresses, then laundered via multiple transactions to evade tracking.

Key victims included a Tampa-based medical device firm hit on May 13, 2023, where the trio demanded $10 million but settled for about $1.27 million in virtual currency after encrypting servers and threatening data leaks.

A Maryland pharmaceutical company suffered a similar fate in May 2023, followed by a California doctor’s office in July ($5 million demand), an engineering firm in October ($1 million demand), and a Virginia drone manufacturer in November ($300,000 demand).

Each assault induced fear of economic ruin, forcing payouts to regain access and prevent exposure of stolen secrets.

Legal Ramifications and Broader Implications

Facing three felony counts conspiracy to interfere with interstate commerce by extortion, direct extortion, and intentional damage to protected computers the defendants could face up to 20 years per extortion charge and 10 years for the computer damage offense.

Prosecutors seek forfeiture of all proceeds, including cryptocurrency gains, under federal statutes.

One defendant, Goldberg, has been in federal custody since September 2023.

This case underscores the dark underbelly of the cybersecurity field, where expertise can fuel crime as easily as it combats it.

As ransomware evolves, incidents like these highlight the urgent need for robust defenses in an era when even “pros” turn predator.

The trial, estimated at five days, promises to expose the gritty details of digital extortion.