Two cybersecurity employees plead guilty to carrying out ransomware attacks

What happens when cybersecurity experts use their expertise for extortion? Fortunately, as it turns out, they can get caught too. In late December, two men in Florida pled guilty to charges of extortion related to ransomware attacks carried out in 2023.

Ransomware deployment and decryption

The defendants, Ryan Goldberg and Kevin Martin, as well as another co-conspirator, successfully deployed ransomware between April 2023 and December 2023. They used a ransomware-as-a-service platform called ALPHV BlackCat, which is believed to have targeted over a thousand victims worldwide.

In this model, developers create and maintain the ransomware infrastructure for affiliates to use. Affiliates then use the ransomware to target high-value victims, from businesses and institutions to individuals. Once the ransom is secured, it’s shared between the attackers and the developers.

The defendants used ALPHV BlackCat ransomware against multiple victims across the United States. In exchange, they agreed to give the platform admins 20% of their earnings. Following a successful extortion of a victim for around $1.2 million in Bitcoin, the attackers split their share of the ransom through money laundering. It’s believed that their specialized cybersecurity skills gave them an advantage in carrying out such extortion.

Decryption and prevention

While the official press release doesn’t reveal exactly how they got caught, their activity does coincide with the development of a decryption tool by the FBI. The tool has helped some victims restore their systems and save millions of dollars in ransom payments. The FBI also seized several ALPHV BlackCat websites.

Meanwhile, the FBI encourages potential targets to stay vigilant against such exploitation:

“We strongly encourage businesses to exercise due diligence when engaging third parties for ransomware incident response, report suspicious or unethical behavior, and to expeditiously report any ransomware attack to the FBI and our law enforcement partners to safeguard their security and privacy.”

The defendants are scheduled to be sentenced on March 12, 2026, and face a maximum penalty of 20 years in prison.
