Two former employees of US cybersecurity firms specializing in ransom negotiation have been indicted and accused of taking part in conspiracy to hack and exploit multiple companies.
The Chicago Sun Times named Kevin Tyler Martin of Roanoke, Texas, and Ryan Clifford Goldberg of Watkinsville, Georgia as implicated, alongside a suspected third accomplice who has not been indicted.
The two men are accused of deploying BlackCat (ALPHV) ransomware against five companies between May and November 2023. This ransomware was used by a prolific cybercriminal gang against a Florida-based medical device firm, as well as a pharmaceutical firm in Maryland, and a drone maker in Virginia.
ALPHV has been linked to several high-profile incidents, including a 2024 attack on insurance billing firm Change Healthcare that disrupted services nationwide. Authorities emphasize that Martin and Goldberg are not accused of involvement in that prior incident.
Kevin Tyler Martin and the unnamed co-conspirator were both employed as threat negotiators for DigitalMint, while Ryan Goldberg was an incident response manager for Syngia. All three individuals have been fired from their roles, and their previous employers are cooperating with law enforcement.
The Charges
According to a federal grand jury indictment, they are charged with conspiracy to interfere with interstate commerce by extortion, interference with commerce by extortion, and intentional damage to a protected computer.
Prosecutors allege the pair demanded roughly $10 million from the Florida medical device company and ultimately received about. $1.2 million.
According to CNN, DigitalMint have stated that Martin acted “completely outside the scope of his employment” and that the company had no knowledge of the alleged criminal activity. “The charged conduct took place outside of DigitalMint’s infrastructure and systems,” the statement continued.
“The co-conspirators did not access or compromise client data as part of the charged conduct.” The company also noted that the unnamed co-conspirator “may have also been a company employee” but that none of the individuals implicated have worked there in over four months.
Sygnia also confirmed that Goldberg’s employment was terminated “immediately upon learning of the situation” and said the company is cooperating with the FBI. “While Sygnia is not a target of this investigation, we are continuing to work closely with the Federal Bureau of Investigation,” the company said.
In July 2025, Bloomberg revealed that the FBI had opened an inquiry into a former DigitalMint employee accused of pocketing a portion of ransomware payments.
Experts Turning Against the Industry
The case highlights the rare, but concerning, scenario of cybersecurity professionals allegedly engaging in the very crimes they are employed to prevent. Ransomware attacks have become a major threat to critical infrastructure and the broader economy, costing billions of dollars annually.
“Companies, governments and people put a lot of trust in us to try to keep them safe,” Allan Liska, a ransomware researcher at Recorded Future, told CNN. “Incidents like this erode that trust and make an already difficult job even more challenging.”
Cybersecurity firms frequently collaborate with the FBI and international authorities to trace ransomware operations and collect evidence.
