← Back to articles

Ransomware Negotiator and Incident Response Manager Admit Involvement in Attacks

January 6, 2026

==========================================================================

Two cybersecurity professionals, a ransomware negotiator and an incident response manager, have confessed to orchestrating ransomware attacks, according to recent indictments and court proceedings.

Background of the Case

In October 2025, authorities indicted Ryan Clifford Goldberg, Kevin Tyler Martin, and an unnamed third co-conspirator for running a ransomware operation. On Monday, both Goldberg and Martin pleaded guilty to conspiracy charges related to obstructing and disrupting commerce through extortion.

Details of the Scheme

The trio collaborated with the administrators of the ALPHV BlackCat ransomware to execute their attacks. They agreed to pay the ransomware operators 20% of any ransom collected in exchange for the malicious software. Leveraging their cybersecurity expertise, they deployed ransomware across five targets between May and November 2023, attempting to extort their victims.

Victims and Payments

Their targets included a medical device company, a pharmaceutical firm, a doctor's office, an engineering company, and a drone manufacturer. Only the medical device company paid a ransom, which amounted to approximately $1.2 million in Bitcoin. The conspirators divided the proceeds equally and attempted to launder the money, according to the Department of Justice.

Impact of the Attacks

The cyberattacks compromised around 1,000 systems across various sectors, highlighting the growing threat of ransomware. These incidents caused significant disruptions, including delays in medical prescriptions and operational halts in critical industries.

Notable Ransomware Activities

  • The ALPHV gang previously attacked Change Healthcare in 2024, impairing major pharmacy chains like CVS and Walgreens by disrupting their communication channels.
  • Following this attack, blockchain investigators tracked $22 million in cryptocurrency flowing to the ransomware group.
  • Law enforcement, including the FBI, responded by shutting down ALPHV’s online presence, forcing the gang to temporarily retreat.

Legal Consequences and Future Outlook

Goldberg and Martin face sentencing in March, with potential prison sentences of up to 20 years. Their case underscores the troubling trend of cybersecurity experts turning to cybercrime. ALPHV's operations, noted for sophisticated attacks, have shown resilience, often re-emerging with new tactics after law enforcement interventions.

Remarks from Authorities

Assistant Attorney General A. Tysen Duva condemned the defendants’ misuse of their cybersecurity skills for criminal purposes, emphasizing the importance of combating cybercrime with rigorous law enforcement.

Note: Some references to recent events and figures are based on legal filings and media reports. The content provided is for informational purposes.