Former cybersecurity firm experts attempted to extort five U.S. companies in 2023 using BlackCat ransomware attacks

U.S. prosecutors charged three Florida men for using BlackCat ransomware to hack and extort five U.S. companies in 2023.

U.S. prosecutors charged Ryan Clifford Goldberg, Kevin Tyler Martin, and another Florida-based accomplice (aka “Co-Conspirator 1”) for using BlackCat ransomware to hack and extort five U.S. companies in 2023.

According to Federal prosecutors, the attacks occurred between May and November 2023.

Between May and November 2023, the defendants carried out ransomware attacks on five U.S. companies, demanding different ransom sums from each target: approximately $10 million from a medical device company (which ultimately paid about $1.27 million in cryptocurrency), an unspecified amount from a Maryland-based pharmaceutical firm, $5 million from a California doctor’s office, $1 million from a California engineering company, and $300,000 from a Virginia-based drone manufacturer.

While only the medical device firm paid, the others refused.

Ryan Clifford Goldberg is a former incident response manager at cybersecurity firm Sygnia. Kevin Tyler Martin was a ransomware threat negotiator for cybersecurity firm DigitalMint at the time of the alleged conspiracy, while a suspected accomplice who wasn’t indicted was also employed at the same company.

DigitalMint denied any misconduct, dismissed the two employees, and fully cooperated with investigators.

In October, the DOJ indicted two CLIFFORD GOLDBERG and KEVIN TYLER MARTIN for hacking and extortion in attacks on at least five U.S. companies.

“According to an affidavit filed in September by an FBI agent, the three men began using malicious software in May 2023 “to conduct ransomware attacks against victims,” first hitting a medical company in Florida by locking its servers and demanding $10 million to unlock the systems, court records say.” reported the Chicago Sun Times. “The FBI agent noted the men ultimately made off with $1.2 million, although it was apparently the only successful attack.”

Last month, the Department of Justice indicted Kevin Tyler Martin and another unnamed employee, who both worked as ransomware negotiators at DigitalMint, with three counts of computer hacking and extortion related to a series of attempted ransomware attacks against at least five U.S.-based companies.

The FBI said their scheme ran until April 2025. Goldberg admitted helping launder $1.2M in crypto from a medical firm through mixers and wallets to hide the funds. He claimed debt drove him to join and later feared life imprisonment. After learning the FBI raided a co-conspirator, Goldberg fled to Paris with his wife. Both he and Martin were indicted on October 2 for extortion and computer damage.

Martin pleaded not guilty, while Goldberg allegedly confessed to the FBI that he was recruited by an unnamed co-conspirator to “ransom some companies” to escape debt. The third individual has not yet been indicted.

Goldberg and Martin face extortion and cybercrime charges that could lead to sentences of up to 50 years in federal prison.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)