A federal district court in Miami has accepted guilty pleas from two American men involved in a series of ransomware attacks that targeted multiple victims across the United States in 2023. The individuals, Ryan Goldberg of Georgia and Kevin Martin of Texas, admitted to conspiring to extort businesses and organizations by deploying ALPHV BlackCat ransomware.
“These defendants used their sophisticated cybersecurity training and experience to commit ransomware attacks — the very type of crime that they should have been working to stop,” said Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division. “Extortion via the internet victimizes innocent citizens every bit as much as taking money directly out of their pockets. The Department of Justice is committed to using all tools available to identify and arrest perpetrators of ransomware attacks wherever we have jurisdiction.”
U.S. Attorney Jason A. Reding Quiñones for the Southern District of Florida commented, “Ransomware is not just a foreign threat — it can come from inside our own borders. Goldberg and Martin used trusted access and technical skill to extort American victims and profit from digital coercion. Their guilty pleas make clear that cybercriminals operating from within the United States will be found, prosecuted, and held to account.”
Special Agent in Charge Brett Skiles of the FBI Miami Field Office added, “Malware like ALPHV (BlackCat) ransomware is used by bad actors to steal, extort, and launder proceeds from victim businesses and organizations. The FBI remains committed to working alongside its law enforcement partners to disrupt and dismantle criminal enterprises involved in ransomware attacks and to hold accountable not only the perpetrators but also anyone who knowingly enables or profits from them. We will continue to leverage our intelligence, law enforcement tools, global presence, and partnerships to counter cybercriminals who seek to harm the American public through these insidious attacks. We strongly encourage businesses to exercise due diligence when engaging third parties for ransomware incident response, report suspicious or unethical behavior, and to expeditiously report any ransomware attack to the FBI and our law enforcement partners to safeguard their security and privacy.”
According to court documents, Goldberg (40) and Martin (36), along with another co-conspirator, deployed ALPHV BlackCat between April 2023 and December 2023 against several U.S.-based targets. All three had backgrounds in cybersecurity but used their expertise for criminal purposes rather than protection efforts.
The group operated under an arrangement with ALPHV BlackCat administrators: they agreed that 20% of any ransom payments would go back to those administrators in exchange for use of both the malware itself and its extortion platform. After successfully obtaining approximately $1.2 million worth of Bitcoin from one victim organization, they divided their share among themselves before laundering it through various methods.
ALPHV BlackCat’s operations are reported as having targeted more than 1,000 entities worldwide using a model where developers create software while affiliates identify high-value targets for attack; ransoms paid were then split between developers and affiliates.
In December 2023, actions by federal authorities led by the Department of Justice disrupted ALPHV BlackCat’s activities: the FBI developed a decryption tool which enabled hundreds of victims globally—including those within U.S.—to restore systems without paying ransom demands; this effort saved nearly $99 million collectively for affected organizations.
Goldberg and Martin pleaded guilty each to conspiracy charges relating to obstruction or delay of commerce via extortion under federal statute 18 U.S.C §1951(a). Sentencing is scheduled for March 12th ,2026; both face up to twenty years imprisonment subject to judicial discretion based on sentencing guidelines.
The case investigation was led by the FBI Miami Field Office with assistance from other agencies including U.S Secret Service . Prosecution was managed jointly by attorneys at both national Computer Crime & Intellectual Property Section (CCIPS) level as well as local Assistant U.S Attorneys for Southern District Florida .
CCIPS works with domestic/international agencies plus private sector support; since 2020 it has secured over 180 convictions related to cybercrime cases returning more than $350 million stolen funds back into hands victims .
Significant support during investigation came also from Eastern District Texas & Middle District Georgia prosecutors along with Mexican airport investigative police unit.
Authorities urge private sector organizations experiencing suspicious activity or threats linked to cybercrime/ransomware contact National Threat Operations Center at 1-800-CALL-FBI , submit tips online via www.tips.fbi.gov , or reach out locally .
Victims are encouraged file reports through ic3.gov . Individuals providing information about ALPHV BlackCat may qualify rewards through State Department's Rewards For Justice program ; submissions can be made securely via Tor-based tip line provided by authorities .
Additional case information is accessible through official court websites associated with Southern District Florida proceedings under case number 25-cr-20443.
