DOJ Sentences Two Americans to Prison for ALPHV BlackCat Ransomware Attacks
Key Takeaways Two U.S. citizens received four-year federal prison sentences for their involvement in ALPHV BlackCat ransomware attacks against American businesses. The convicted individuals, Ryan...
Key Takeaways
- Two U.S. citizens received four-year federal prison sentences for their involvement in ALPHV BlackCat ransomware attacks against American businesses.
- The convicted individuals, Ryan Goldberg and Kevin Martin, had pleaded guilty to conspiracy charges related to extortion.
- ALPHV BlackCat, a sophisticated, Rust-based ransomware-as-a-service (RaaS) operation, targeted over 1,000 victims globally, including critical medical and engineering sectors.
- A third co-conspirator, Angelo Martino, awaits sentencing for allegedly leveraging his role as a ransomware negotiator to aid the attackers.
- The FBI previously disrupted ALPHV BlackCat by providing a decryption tool to victims, saving nearly $100 million in potential ransom payments.
DOJ Sentences Cybercriminals Behind ALPHV BlackCat Ransomware Attacks
In a significant move against cybercrime, the U.S. Department of Justice (DOJ) announced on April 30, 2026, the sentencing of two American individuals to four years in federal prison. These convictions stem from their direct participation in ransomware campaigns that crippled numerous U.S. enterprises using the notorious ALPHV BlackCat ransomware.
Table Of Content
The Convictions and Guilty Pleas
The DOJ confirmed that Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, received their sentences after pleading guilty in December 2025. Both individuals admitted to conspiracy charges linked to ransomware-based extortion schemes targeting American companies. This sentencing underscores the U.S. government’s resolve to prosecute those who exploit digital vulnerabilities for financial gain.
Further details on the convictions are available in the official Department of Justice announcement, which can be accessed here.
The ALPHV BlackCat Modus Operandi
ALPHV BlackCat emerged in late 2021, quickly establishing itself as one of the most advanced ransomware operations globally. Developed in the Rust programming language, its cross-platform compatibility (Windows and Linux) allowed it to adapt to diverse network environments. The ransomware propagated through various initial access vectors, including compromised credentials, sophisticated phishing campaigns, and poorly secured remote desktop protocol (RDP) services.
Upon gaining entry, ALPHV BlackCat operators would conduct lateral movement within the network, disable security measures, and encrypt vital files. Ransom demands, typically in cryptocurrency, followed these actions. The group operated a sophisticated ransomware-as-a-service (RaaS) model, enabling affiliates to deploy the malware in exchange for a percentage of the collected ransom. Additional details on the group’s operations can be found in the same DOJ document.
Widespread Impact and Financial Gains
The destructive reach of ALPHV BlackCat was extensive, impacting over 1,000 victims worldwide. Court records reveal that targeted entities included vital medical and engineering service providers across the United States. In one instance, patient data from a healthcare provider was leaked after the organization refused to pay the ransom. Goldberg and Martin, alongside co-conspirator Angelo Martino, 41, of Florida, successfully extorted approximately $1.2 million in Bitcoin from a single victim. The three men then laundered the funds and split 80 percent of the proceeds.
Law Enforcement’s Response and Ongoing Investigations
Analysts and investigators from Justice.gov and the FBI Miami Field Office meticulously documented the criminal enterprise. A striking revelation was that all three defendants possessed professional cybersecurity experience, which they perverted to attack the very types of organizations they were trained to protect. The FBI’s pursuit of Goldberg spanned ten countries after he attempted to evade prosecution by fleeing abroad, demonstrating the unwavering commitment of U.S. law enforcement to hold cybercriminals accountable.
The ALPHV BlackCat RaaS model presented unique challenges for
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.