Two American cybersecurity workers have been sentenced to jail for helping the BlackCat ransomware gang conduct attacks against multiple organizations in the US.

Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas were each sentenced to four years in prison for their roles in facilitating ransomware attacks during 2023, the US Department of Justice said in a statement published on April 30.

Goldberg and Martin pleaded guilty to the charges in December 2025.

The two men worked alongside, Angelo Martino, 41, of Florida, who pleaded guilty to working for BlackCat on April 20. The former ransomware negotiator is set to be sentenced in July.

The BlackCat ransomware operation, also known as ALPHV, first emerged in 2021. Between 2022 and 2024, it was one of the most active and notorious ransomware groups targeting victims globally.

Attackers regularly demanded millions of dollars in ransom payments for decryption keys. BlackCat members also used double-extortion tactics and leaked stolen data from victims who refused to pay.

Cybersecurity Staff Worked for Cybercriminals

According to court documents, Goldberg and Martin helped launch ransomware attacks against a range of victims and paid BlackCat administrators a 20% share of any ransom payments they received.

In one case, Goldberg, Martin and Martino received a Bitcoin ransom worth $1.2m, sharing 20% with BlackCat, while they split the remaining 80% between themselves.

In another attack, the former cybersecurity workers leaked patient data from a victim in the healthcare industry.

Prosecutors condemned the men for how they used the specialist skills they had acquired working in the cybersecurity industry to actively commit the harm that they were supposed to protect victims against.  

“These were supposed to be cybersecurity specialists who did good and helped businesses and people. Instead, they used their high-level cyber skills to feed their greed,” said assistant attorney general A. Tysen Duva of the US Justice Department.

“Ransomware attackers like this should be punished and removed from society to serve their lawful sentences so they cannot harm others,” he added.

Prior to being detained by the FBI, Goldberg had tried to flee, but agents tracked him across ten countries to capture him.

“Today’s sentencings show that ransomware criminals can operate anywhere, including right here in the United States, and that the FBI is actively working to track them down and dismantle their networks — wherever they exist,” said assistant director Brett Leatherman of the FBI’s cyber division

“Goldberg and Martin leveraged their technical skills and cyber security knowledge to extort millions from victims across the U.S., but the FBI’s global reach ensured that they ultimately faced justice,” he added.