Two former cybersecurity professionals, including a ransomware negotiator, have admitted to orchestrating a series of ransomware attacks in 2023. The U.S. Department of Justice revealed the guilty pleas on Tuesday. Ryan Goldberg, aged 40, and Kevin Martin, aged 36, extorted $1.2 million worth of Bitcoin from a medical device company and attempted to target other organizations.

Goldberg, Martin, and an unnamed collaborator were charged in October for their involvement in deploying ALPHV / BlackCat ransomware to encrypt and exfiltrate data from their victims. According to a report by the Chicago Sun-Times, Martin and the third accomplice served as ransomware negotiators at Digital Mint, a company specializing in cybercrime response, while Goldberg was an incident response manager at Sygnia Cybersecurity Services.

ALPHV / BlackCat operates as a ransomware-as-a-service, where developers who create and maintain the malware receive a share of the ransom payments collected by cybercriminals targeting victims. In 2023, the FBI introduced a decryption tool aimed at recovering data for victims impacted by ALPHV / BlackCat, known for its attacks on prominent organizations such as Bandai Namco, MGM Resorts, Reddit, and UnitedHealth Group.

The Department of Justice’s indictment alleges that Goldberg, Martin, and their accomplice attempted to extract millions through ransomware attacks against various U.S. entities, including a pharmaceutical company, a doctor’s office, an engineering firm, and a drone manufacturer.

“These defendants exploited their advanced cybersecurity knowledge to carry out ransomware attacks, a crime they were supposed to prevent,” commented Assistant Attorney General A. Tysen Duva of the DOJ’s Criminal Division. “The Department of Justice is resolute in deploying every resource to identify and prosecute those responsible for ransomware attacks wherever our jurisdiction permits.”

Both Goldberg and Martin have pleaded guilty to a charge of “conspiracy to obstruct, delay, or affect commerce or the movement of any article or commodity in commerce by extortion.” Their sentencing is set for March 12, 2026, where they could face up to 20 years in prison.