Federal prosecutors allege that three cybersecurity professionals, whose job was to help companies respond to ransomware attacks, instead carried out their own ransomware schemes against five U.S. businesses in 2023.Ryan Clifford Goldberg, Kevin Tyler Martin and an unnamed co–conspirator — all U.S. nationals — began using ALPHV, also known as BlackCat, ransomware to attack companies in May 2023, according to indictments and other court documents in the U.S. District Court for the Southern District of Florida. At the time of the attacks, Goldberg was a director of incident response at Sygnia Cybersecurity Services, while Martin, a ransomware negotiator at DigitalMint, allegedly collaborated with Goldberg and another co-conspirator, who also worked at DigitalMint and allegedly obtained an affiliate account on ALPHV. The trio are accused of carrying out the conspiracy from May 2023 through April 2025, according to an affidavit. The Chicago Sun-Times was the first to report on the indictment.Victims impacted by the attacks over a six-month period in 2023 included a medical company based in Florida, a pharmaceutical company based in Maryland, a California doctor’s office, an engineering company based in California and a drone manufacturer in Virginia. Goldberg, Martin and their co-conspirator received a nearly $1.3 million ransom payment from the medical company in May 2023, but did not successfully extort a financial payment from the other victims, prosecutors said. Sygnia confirmed Goldberg was formerly employed by the company. “Immediately upon learning of the situation, he was terminated,” the company said in a statement. Goldberg’s attorney declined to comment.DigitalMint confirmed in a statement Monday that a former employee was indicted for organizing and participating in ransomware attacks. The company did not say when nor how it became aware of Martin and his co-worker’s alleged criminal activities, and did not describe the circumstances regarding the end of their employment.“The charged conduct took place outside of DigitalMint’s infrastructure and systems. The co-conspirators did not access or compromise client data as part of the charged conduct,” the company said in a statement. “No one potentially involved in the charged scheme has worked at the company in over four months.”ALPHV/BlackCat was a notorious ransomware and extortion group linked to a series of attacks on critical infrastructure providers. The ransomware variant first appeared in late 2021, and was later used in dozens of attacks on organizations in the health care sector. The group behind the ransomware strain also claimed responsibility for last year’s attack on UnitedHealth Group subsidiary Change Healthcare, which paid a $22 million ransom and became the largest health care data breach on record, compromising data on about 190 million people. Goldberg and Martin were both indicted Oct. 2 for conspiring to interfere with commerce by extortion, interference with commerce by extortion, and intentional damage to a protected computer. Martin was arrested Oct. 14 and freed on a $400,000 bond Oct. 24. He pleaded not guilty and is prohibited from working in cybersecurity awaiting trial. Martin’s attorney did not immediately respond to a request for comment.Goldberg was arrested Sept. 22 and ordered to remain in custody pending trial due to flight risk. Goldberg and his wife boarded a one-way flight to Paris from Atlanta on June 27 and remained in Europe until Sept. 21. When Goldberg flew directly from Amsterdam to Mexico City, he was arrested upon landing and deported to the United States.Court records show Goldberg allegedly confessed he was recruited by the unnamed co-conspirator to “try and ransom some companies” during an interview with the FBI June 17. The FBI seized his devices that day.According to authorities, Goldberg allegedly admitted that he conducted the attacks to get out of debt. He also allegedly told FBI agents that he and his two accomplices successfully extorted a ransom payment from the medical company, which earned him a $200,000 share.Martin and Goldberg each face a maximum penalty up to 50 years in federal prison.You can read the full indictment below.RyanCliffordGoldberg-KevinTylerMartin-indictmentDownloadThe post Prosecutors allege incident response pros used ALPHV/BlackCat to commit string of ransomware attacks appeared first on CyberScoop.