In a shocking twist that shows how even the good guys can go bad, two former employees from cybersecurity companies have admitted to helping a big hacking group with ransomware attacks. This happened in late 2025, and it has everyone in the tech world talking about trust and security. The men used their skills to hurt the same kinds of companies they were supposed to protect. Now, they face up to 20 years in prison each.
The two men are Ryan Clifford Goldberg, 33, from Watkinsville, Georgia, and Kevin Tyler Martin, 28, from Roanoke, Texas. Goldberg worked as an incident response supervisor at Sygnia, a cybersecurity firm based in Israel with offices in the US. Martin was a ransomware negotiator at DigitalMint, a company in Chicago that helps victims deal with cyber attacks. They pleaded guilty on December 19, 2025, to one count of conspiracy to interfere with commerce by extortion. Their sentencing is set for March 12, 2026.
Along with a third person who was not named but also worked at DigitalMint, they joined the ALPHV/BlackCat ransomware group as affiliates. This group is one of the most notorious hacking gangs out there. They have hit big targets like UnitedHealth Group’s Change Healthcare in 2024, causing a huge data breach for about 190 million people. As affiliates, Goldberg and Martin got access to the group’s tools to launch attacks and extort money. In return, they paid 20% of what they got to the group’s leaders.
The attacks happened between May and November 2023. They targeted five US companies: a medical company in Florida, a pharmaceutical firm in Maryland, a doctor’s office in California, an engineering company in California, and a drone maker in Virginia. In one case, they stole patient photos from the doctor’s office and posted them on the hackers’ leak site to pressure for payment. Only the Florida medical company paid up, giving about $1.2 million in Bitcoin. The other attacks did not get any money. They demanded up to $10 million from some victims.
What makes this so wild is the irony. These guys were pros hired to stop ransomware. Goldberg helped companies respond to attacks, and Martin negotiated with hackers to get data back. Instead, they used what they knew to do the crimes themselves. Assistant Attorney General Tysen Duva said, “These defendants used their sophisticated cybersecurity training and experience to commit ransomware attacks — the very type of crime that they should have been working to stop.” FBI Special Agent in Charge Brett Skiles added that companies should check their partners carefully and report any weird behavior fast.
Also Read: Cyberattack Hits France’s Postal Service and Banks During Busy Christmas Time
After the attacks, the FBI talked to Goldberg in June 2023. Just 10 days later, he and his wife bought one-way tickets to Paris, maybe trying to run. Goldberg has been in jail since September 2023. The group was indicted in October 2025, and the pleas came soon after.
Both companies cut ties quickly. Sygnia said they fired Goldberg right away when they learned about it and helped the police. DigitalMint said they knew about Martin’s plea and are glad justice is being done. They stressed that this does not reflect on their work.
Ransomware is a big problem. It locks up computers and steals data, then asks for money to fix it. Groups like ALPHV/BlackCat have made billions this way. This case shows how insiders can be a threat. Experts say companies need better checks on employees and partners. It also reminds us that cyber jobs need strong ethics, because the skills can be used for bad.
From a tech view, this hurts trust in the industry. When the people who fight hackers become hackers, who can you trust? The DOJ says they will keep going after these crimes, no matter where. As AI and tech grow, we might see more cases like this if not careful.
People online are stunned. On sites like LinkedIn and X, folks share the story and warn about vetting partners. Some call it a “betrayal” of the field.
In the end, this plea is a win for justice, but it shows holes in cybersecurity. Watch for the sentencing in March 2026 to see what happens next. If you work in tech, this is a reminder: stay on the right side.
