Two ex-employees from cybersecurity incident response firms Sygnia and DigitalMint have admitted guilt in relation to BlackCat (ALPHV) ransomware attacks that targeted U.S. companies throughout 2023.

Ryan Clifford Goldberg, 33, from Watkinsville, Georgia (in federal custody since September 2023), and 28-year-old Kevin Tyler Martin from Roanoke, Texas, who faced charges in November, have now confessed to conspiring to disrupt commerce via extortion. They are scheduled for sentencing on March 12, 2026, with each possibly facing a maximum of 20 years in prison.

Alongside a third accomplice, these two affiliates of BlackCat ransomware compromised the networks of various victims across the United States from May to November 2023, receiving a 20% share of the ransoms in return for access to BlackCat’s extortion and ransomware platform.

Goldberg previously worked as an incident response manager at Sygnia, while Martin served as a ransomware threat negotiator at DigitalMint, similar to the unnamed third co-conspirator.

“These individuals utilized their advanced training in cybersecurity to conduct ransomware operations, which is the very crime they should have been preventing,” stated Assistant Attorney General A. Tysen Duva. “Extortion online harms innocent individuals just as much as directly stealing from their possessions.”

Per court filings, some of their alleged victims are a pharmaceutical company in Maryland, an engineering firm in California, a medical device manufacturer in Tampa, a drone manufacturer in Virginia, and a doctor’s office in California.

They demanded ransoms ranging from $300,000 to $10 million, although prosecutors stated that only $1.27 million was received from the Tampa medical device company after encrypting its servers and requesting $10 million in May 2023. While other ransom demands were made to additional victims, the indictment does not confirm if other payments occurred.

As reported by BleepingComputer, the Justice Department was investigating a former DigitalMint negotiator in July for collaborating with ransomware groups. The DOJ and FBI have not commented on this investigation, leaving the potential connection unclear.

In December 2023, the FBI developed a decryption tool after accessing BlackCat’s servers to track their actions and obtain decryption keys. Additionally, it was revealed that the BlackCat operation gathered over $300 million in ransom payments from more than 1,000 victims up until September 2023.

In a joint advisory in February 2024, the FBI, CISA, and the Department of Health and Human Services (HHS) alerted that BlackCat affiliates were mainly concentrating on organizations in the U.S. healthcare sector.

Broken IAM isn’t just an IT issue – the ramifications extend throughout your entire organization.

This practical guide details why traditional IAM approaches falter against modern needs, outlines what effective IAM entails, and offers a straightforward checklist for developing a scalable strategy.

Get the guide