Two American men have been sentenced to four years in federal prison for orchestrating ransomware attacks using the ALPHV BlackCat malware. The U.S. Department of Justice announced that Ryan Goldberg, aged 40 from Georgia, and Kevin Martin, aged 36 from Texas, were sentenced on April 30, 2026. They had admitted guilt in December 2025 for conspiracy charges related to ransomware activities targeting American businesses.
Background of ALPHV BlackCat
ALPHV BlackCat, a sophisticated ransomware, surfaced in late 2021 and quickly became a major threat. The malware is crafted in the Rust programming language, which allows it to operate on multiple systems, including Windows and Linux, enhancing its adaptability across different platforms.
This ransomware is known for using various methods to infiltrate systems, such as stolen credentials, phishing scams, and exposed remote desktop protocols. Once inside, it moves laterally through networks, disables security defenses, and encrypts vital files, demanding cryptocurrency payments for decryption.
Impact and Operations
The impact of ALPHV BlackCat has been widespread and devastating, with over 1,000 victims affected worldwide. Among these were U.S. businesses in sectors like healthcare and engineering. In one instance, a medical office’s patient data was leaked after refusing to pay the ransom. Goldberg, Martin, and accomplice Angelo Martino extorted around $1.2 million in Bitcoin from a single victim, dividing their share after laundering it through various channels.
Justice.gov and FBI investigators meticulously documented this operation, highlighting how the defendants leveraged their professional cybersecurity skills to exploit the very organizations they were meant to protect. Goldberg’s attempt to evade capture by fleeing through 10 countries underscores the lengths to which U.S. law enforcement will go to prosecute cybercriminals.
Ransomware-as-a-Service Model
A critical aspect of this case is the use of a ransomware-as-a-service model, which allows developers to maintain and update the malware while affiliates like Goldberg and Martin executed the attacks. This division made it challenging for investigators to pinpoint responsibility, as the perpetrators were separate from the developers.
Martino’s role added an insider element to the case, as he allegedly used his position as a ransomware negotiator to leak sensitive victim information, enabling the attackers to increase their ransom demands strategically. His sentencing is slated for July 9, 2026.
In December 2023, the FBI took action against ALPHV BlackCat by releasing a decryption tool to victims worldwide, preventing approximately $99 million in ransom payments and shutting down several of the group’s websites.
Organizations suspecting they are ransomware victims should contact their local FBI office or report it at ic3.gov. The Department of State’s Rewards for Justice program also offers rewards for information on ALPHV BlackCat activities.
Stay updated with the latest news by following us on Google News, LinkedIn, and Twitter, and consider setting us as a preferred source on Google.
