U.S. federal prosecutors have charged three Florida men—Ryan Clifford Goldberg, Kevin Tyler Martin, and an unindicted accomplice, for a series of ransomware attacks targeting U.S. businesses. The defendants are accused of using the BlackCat ransomware variant in five separate hacking and extortion attempts that occurred between May and November 2023. The targets included a medical device company, a pharmaceutical firm, a doctor’s office, an engineering company, and a drone manufacturer.
The group demanded substantial ransoms from their targets, with requests ranging from $300,000 up to $10 million. While four of the targeted companies refused to pay, one medical device firm eventually paid approximately $1.27 million in cryptocurrency. According to court records, this was the only successful extortion. One of the accused, Goldberg, later admitted to helping launder the stolen crypto through mixers and various wallets in an effort to hide the funds.
Both Goldberg and Martin were employed in the cybersecurity and threat negotiation industries at the time of the alleged conspiracy, raising serious concerns about insider threat and abuse of specialized knowledge. Goldberg was a former incident response manager at the cybersecurity firm Sygnia, while Martin and the unindicted co-conspirator worked as ransomware negotiators for the firm DigitalMint. DigitalMint has since denied any misconduct, dismissed the two employees, and fully cooperated with federal investigators.
The defendants were indicted in October on multiple counts of computer hacking and extortion. According to the FBI, the scheme was active until the FBI raided the home of an alleged co-conspirator. Fearing capture, Goldberg fled the country to Paris with his wife. He later allegedly confessed to the FBI that debt had driven him to participate in the scheme, which he joined after being recruited by the unnamed accomplice.
Martin has pleaded not guilty to the charges. Goldberg and Martin now face severe federal penalties, with their extortion and cybercrime charges potentially carrying sentences of up to 50 years in federal prison. The third individual connected to the conspiracy has not yet been formally indicted by the Department of Justice.
Reference:
