DOJ sends two cybersecurity insiders to prison for moonlighting as BlackCat affiliates

Two industry practitioners — Ryan Goldberg, an incident response manager at Sygnia, and Kevin Martin of DigitalMint — drew four-year federal sentences for running BlackCat ransomware against U.S. targets through 2023. They operated alongside DigitalMint colleague Angelo Martino, who pleaded guilty separately and is awaiting sentencing in July 2026. The trio paid ALPHV/BlackCat operators a 20% cut for platform access and split the rest, including roughly $1.2 million in Bitcoin from a single victim that was then laundered.

The abuse went beyond deployment. Martino, working in the negotiation role, fed BlackCat operators confidential details from victims’ cyber insurance policies so the gang could anchor demands at the upper limit of available coverage. That weaponizes the same insurance posture data defenders are paid to protect, and it turns ransom negotiation — already an asymmetric exchange — into a rigged auction.

The case sharpens an unresolved structural question for the IR and ransom-negotiation industry: practitioners sit on top of victim telemetry, internal access, and policy limits with limited external oversight, and BlackCat’s RaaS economics made affiliate access trivial to obtain. Even with the ALPHV brand defunct, the affiliate model and the trust gap it exploited remain intact.