Two men have pleaded guilty in federal court in Florida to participating in ransomware attacks that targeted multiple victims across the United States in 2023, the U.S. Department of Justice said.
According to court records, Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, admitted to conspiring to obstruct commerce by extortion through the use of ALPHV, also known as BlackCat, ransomware. Their guilty pleas were accepted by a federal judge in the U.S. District Court for the Southern District of Florida.
Prosecutors said the defendants, along with a third co-conspirator, carried out ransomware attacks between April and December 2023 using the BlackCat ransomware platform. The group agreed to pay administrators of the ransomware operation a 20% share of any ransom payments in exchange for access to the malware and its extortion infrastructure.
Court documents state that the defendants worked in the cybersecurity industry and used their technical expertise to gain unauthorized access to victim networks. In one attack, prosecutors said the group extorted approximately $1.2 million in Bitcoin from a victim, later dividing their share of the proceeds and laundering the funds.
The Justice Department said BlackCat operated as a ransomware-as-a-service enterprise, in which developers maintained the malware and online infrastructure while affiliates carried out attacks against selected victims. Authorities estimate the group targeted more than 1,000 victims worldwide.
The case follows earlier law enforcement actions taken in late 2023 to disrupt BlackCat’s operations. At that time, the FBI developed a decryption tool that allowed hundreds of victims to recover their systems without paying ransom, and seized several websites associated with the group.
Goldberg and Martin each pleaded guilty to one count of conspiracy to obstruct, delay, or affect commerce by extortion. They face a maximum sentence of 20 years in prison. Sentencing is scheduled for March 12, 2026.
The investigation was led by the FBI’s Miami Field Office, with assistance from the U.S. Secret Service and other domestic and international law enforcement agencies. Prosecutors from the Justice Department’s Computer Crime and Intellectual Property Section and the U.S. Attorney’s Office for the Southern District of Florida are handling the case.
