Two U.S. citizens were recently accused of conducting cyberattacks in the United States using BlackCat ransomware. Another person is alleged to be involved, although they were not a part of the indictment. The three people carried out the attacks while employed at cybersecurity firms.
Ryan Clifford Goldberg worked as an incident response specialist in Sygnia. Kevin Tyler Martin, together with an unnamed co-conspirator, worked as ransomware threat negotiators at DigitalMint, based in Chicago.
The two accused people are purported to have conspired to enrich themselves by getting unauthorized access to company systems, stealing their information, deploying ransomware to encrypt files, and threatening the victims to make cryptocurrency payments. The following is a list of companies, including HIPAA-covered entities, attacked by the two indicted individuals. From the list, only the medical device company paid the ransom.
- A medical device company in May 2023 – $10 million ransom demand – the company bargained with the attackers and paid $1,274,000
- A pharmaceutical firm in May 2023 – the amount of ransom demand was not reported
- A doctor’s office based in California in July 2023 – $5,000,000 ransom demand
- An engineering company in October 2023 – $1 million ransom demand
- A drone company in Virginia in November 2023 – $300,000 ransom demand
Kevin Tyler Martin, a resident of Texas, worked as a ransomware negotiator at DigitalMint from May 2023 to April 2025. The unnamed co-conspirator from Florida also worked at DigitalMint. The two are believed to have been dishonest workers and were dismissed by DigitalMint. Ryan Clifford Goldberg was Sygnia Cybersecurity Services’ incident response manager when the company was attacked. Goldberg is no longer working at Sygnia.
The two companies were not aware of the attacks that targeted their outside infrastructure and systems. DigitalMint stated that client data was not compromised during the incident. Nobody who appeared to have been impacted during the attack has been with the company beyond four months.
In April 2025, the FBI raided the house of the unnamed co-conspirator, and then the FBI interviewed Goldberg the next month, who at first denied his participation in the attack. Goldberg eventually said the unnamed co-conspirator recruited him and he agreed to conduct the attacks to pay his debt. He says that, together with the other two individuals, he got paid $200,000 for the attack. Martin does not admit having anything to do with the scheme.
On October 2, 2025, Martin and Goldberg faced charges of conspiracy to obstruct interstate business by extortion, deliberate damage to a safeguarded computer, and interference with interstate business. Martin was allowed to get out after paying a $400,000 bond, but he cannot work in cybersecurity prior to the trial.
Goldberg is kept under pending trial because he is regarded as a flight risk. In June, Goldberg arranged a one-way trip from Atlanta to Paris and went with his spouse. He stayed in France until September 21. Goldberg traveled from Amsterdam to Mexico City and was detained there. Afterward, he was deported to America. In case Martin and Goldberg are found guilty, they may be sentenced to 50 years in jail.