DOJ Imprisons Two for ALPHV Black Sentences Americans

On April 30, 2026, two American cybersecurity professionals were each sentenced to four years in federal prison. The Department of Justice confirmed these convictions for their role in ransomware attacks that targeted multiple U.S. businesses. These individuals were found guilty of deploying the ALPHV BlackCat ransomware, according to an official Department of Justice announcement.

The U.S. Department of Justice confirmed the sentencing of Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, both of whom had pleaded guilty in December 2025 to conspiracy charges related to extortion through ransomware activity targeting American companies.

ALPHV BlackCat first emerged as a serious threat around late 2021 and quickly became one of the most sophisticated ransomware families tracked by global security agencies.

Written in the Rust programming language, it was designed to run across multiple operating systems, including Windows and Linux, which made it highly adaptable to different environments.

The ransomware spread through several attack vectors such as stolen credentials, phishing emails, and exposed remote desktop protocol services.

Once inside a target network, it moved laterally, disabled security tools, and encrypted critical files before demanding payment in cryptocurrency.

Its operators ran a ransomware-as-a-service platform that allowed outside affiliates to use the malware in exchange for a share of the ransom proceeds.

The scale of destruction caused by this ransomware group was significant and far-reaching. Court documents confirmed that ALPHV BlackCat targeted more than 1,000 victims worldwide, including businesses providing medical and engineering services across the United States.

In one case, patient data from a doctor’s office was leaked after the victim did not comply with the ransom demand. Goldberg and Martin, along with co-conspirator Angelo Martino, 41, of Florida, successfully extorted approximately $1.2 million in Bitcoin from one victim alone, with the three men splitting their 80 percent share of the proceeds after laundering the funds through various means.

Justice.gov analysts and investigators from the FBI Miami Field Office identified and fully documented the scope of this criminal scheme, noting that all three defendants held active professional cybersecurity experience and used it to attack the very type of organizations they had been trained to protect.

The FBI’s investigation tracked Goldberg across 10 countries after he attempted to flee abroad to avoid prosecution, a clear demonstration of how far U.S. law enforcement will go to hold cybercriminals fully accountable for their actions.

One key aspect worth examining closely in this case is how the defendants leveraged the ransomware-as-a-service model to reduce their own exposure while maximizing financial gain.

In this setup, the core ALPHV BlackCat developers maintained the malware code, updated its capabilities, and managed backend infrastructure that included negotiation portals and data leak sites.

Affiliates such as Goldberg and Martin handled the actual intrusion work, identifying targets and deploying the ransomware in the field. After a victim paid, developers kept 20 percent and affiliates retained 80 percent of the ransom.

This clear division of labor made attribution harder for investigators since those conducting the attacks were entirely separate from those building the tools.

What further complicated this case was the insider dimension linked to Martino, who allegedly used his position as a ransomware negotiator for victims to pass confidential victim information directly to threat actors, allowing attackers to increase ransom demands in a targeted and calculated way. His sentencing hearing is currently scheduled for July 9, 2026.

The FBI had previously moved against ALPHV BlackCat in December 2023 by developing a decryption tool shared with hundreds of victims globally, saving approximately $99 million in ransom payments and seizing several websites the group had operated.

Organizations that believe they may be ransomware victims are advised to contact their local FBI field office or submit a report at ic3.gov.

Any individual holding information about ALPHV BlackCat activities may also be eligible for rewards through the Department of State’s Rewards for Justice program.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.