Former Security Professionals Charged for Using ALPHV Ransomware in Attacks Against U.S. Companies

Federal prosecutors have charged two cybersecurity professionals with orchestrating a sophisticated ransomware operation targeting American businesses.

Ryan Clifford Goldberg of Watkinsville, Georgia, and Kevin Tyler Martin of Roanoke, Texas, face serious federal charges, including conspiracy to interfere with interstate commerce by extortion, interference with commerce by extortion, and intentional damage to protected computers.

The two men allegedly deployed the ALPHV BlackCat ransomware strain across multiple attacks between May 2023 and April 2025, targeting at least five major corporations spanning the medical device, pharmaceutical, engineering, and drone manufacturing sectors.

The charges, filed in the United States District Court for the Southern District of Florida on October 2, 2025, reveal one of the most significant prosecutions targeting the notorious ALPHV ransomware-as-a-service operation.

The ALPHV BlackCat Infrastructure and Attack Pattern

ALPHV, also known simply as BlackCat, emerged in late 2021 as one of the most destructive ransomware variants in operation.

The indictment describes how the cybercriminals typically operate through a structured affiliate model.

Developers create and maintain the ransomware code, while recruited affiliates use it to conduct actual attacks against victims.

In this case, Goldberg and Martin allegedly served as affiliates, accessing victim networks, stealing sensitive data, deploying encryption, and demanding ransom payments in cryptocurrency.

The conspirators operated through a password-protected dark web panel where victims could negotiate payment and receive decryption tools upon ransom payment.

This model enabled the rapid proliferation of attacks against hundreds of organizations globally, with over twenty confirmed ALPHV victims in the Southern District of Florida alone.

The indictment specifically details five major attack incidents.

In May 2023, the defendants allegedly attacked a Tampa-based medical device company, encrypting its servers and demanding approximately $10 million in ransom.

The company ultimately paid $1.27 million in cryptocurrency to restore operations.

Additional documented incidents include attacks against a Maryland pharmaceutical company in May 2023, a California-based doctor’s office in July 2023 with a $5 million demand, a California engineering firm in October 2023 with a $1 million ransom request, and a Virginia drone manufacturer in November 2023 with a $300,000 demand.

Across the entire ALPHV campaign, victims suffered tens of millions in cryptocurrency payments, major operational disruptions, and significant data theft.

Both defendants face identical maximum penalties: 20 years imprisonment on each extortion-related charge and 10 years on the computer damage count, with possible fines reaching $250,000 or twice the gross gain obtained through the crimes.

The prosecution also seeks asset forfeiture of all proceeds traceable to the ransomware scheme.

This prosecution represents a significant escalation in federal law enforcement efforts targeting ransomware operators, signaling that investigators can successfully trace cybercriminals despite cryptocurrency’s pseudonymous nature.

The case underscores the growing legal consequences facing those who participate in organized ransomware attacks against American infrastructure and commerce.


AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.
