2 Cyber Pros Admit to Being BlackCat Ransomware Affiliates

Americans Extorted at Least 5 Firms, Earning $1 Million From a Medical Device Maker Mathew J. Schwartz (euroinfosec) • December 30, 2025

Two cybersecurity professionals who moonlighted as BlackCat ransomware gang affiliates pleaded guilty to using the crypto-locking malware to extort victims in the United States.

See Also: Virtual Cloud Ransomware Tabletop: Unpacking an Attack from Detection to Recovery

Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, admitted in Miami federal court to participating in a conspiracy to extort five U.S. companies, including three healthcare organizations. A third, unnamed co-conspirator who resides in Land O'Lakes, Florida, is also suspected of being involved in all of the attacks, according to court documents (see: 2 Ex-Cyber Specialists Indicted for Alleged BlackCat Attacks).

Prosecutors said all three individuals were employed at cybersecurity services firms while hacking for BlackCat. Martin and the unnamed co-conspirator were ransomware ...