Two men accused of hacking and extorting US companies previously worked for cybersecurity firms

By Sean Lyngaas, CNN

(CNN) — Two former employees of cybersecurity firms that sold services helping companies combat hackers have been indicted and accused of participating in a conspiracy, outside of their day jobs, to hack multiple US firms and extort them for millions of dollars.

The two men are accused of deploying ransomware used by a prolific cybercriminal gang in attacks in 2023 against a medical device firm in Florida, a pharmaceutical firm in Maryland and a drone maker in Virginia, among other alleged victims.

Kevin Tyler Martin of Roanoke, Texas, and Ryan Clifford Goldberg of Watkinsville, Georgia, face matching federal charges including interfering in interstate commerce through extortion and intentionally damaging a protected computer, according to an indictment filed in the US Southern District of Florida last month.

The men — and an unnamed alleged co-conspirator — are accused of demanding approximately $10 million from the Florida-based medical device maker to unlock the firm’s data, and ultimately received about $1.27 million, according to the indictment.

Attorneys for Martin and Goldberg declined to comment.

It’s a case of cyber experts allegedly switching sides in the fight against ransomware. The thriving ransomware market has grown into a threat that has disrupted critical services across the US and cost the economy billions of dollars.

Cybersecurity firms often work very closely with the FBI and international law enforcement to track down and collect evidence on ransomware gangs, which operate across borders and time zones. Many prominent security firms have been integral to helping law enforcement put accused ransomware operators in cuffs.

“Companies, governments and people put a lot of trust in us to try to keep them safe,” Allan Liska, who has tracked ransomware for years for cybersecurity firm Recorded Future, told CNN. “Incidents like this erode that trust and make an already difficult job even more challenging.”

The Chicago Sun-Times first reported on the indictment.

Martin worked for DigitalMint, an Illinois-based firm that helps victims recover from ransomware attacks and in some cases pays ransoms, according to its website. Goldberg worked for Sygnia Cybersecurity Services, a multinational firm whose offerings include simulating ransomware attacks for clients.

Martin acted “completely outside the scope of his employment,” DigitalMint said in a statement to CNN on Monday. “As expected, the indictment does not allege that the company had any knowledge of or involvement in the criminal activity. DigitalMint has been and continues to be a cooperating witness in the investigation and not an investigative target.”

“The charged conduct took place outside of DigitalMint’s infrastructure and systems,” DigitalMint’s statement continued. “The co-conspirators did not access or compromise client data as part of the charged conduct.”

DigitalMint said the unnamed co-conspirator who is listed as a defendant in the indictment “may have also been a company employee.”

“No one potentially involved in the charged scheme has worked at the company in over 4 months,” DigitalMint said.

Sygnia Cybersecurity Services said it terminated Goldberg’s employment “immediately upon learning of the situation.”

“While Sygnia is not a target of this investigation, we are continuing to work closely with the Federal Bureau of Investigation,” Sygnia said in its statement. “We cannot provide further comment on the ongoing federal investigation.”

In their alleged attacks, Martin and Goldberg are accused of using a ransomware known as ALPHV, one of the more prolific strains of ransomware in recent years. Like others in the ransomware ecosystem, ALPHV’s developers sell the code to hackers and then share the proceeds of the attacks, according to prosecutors and cyber experts.

ALPHV was allegedly used in a debilitating ransomware attack last year on insurance billing giant Change Healthcare, which cut off health providers from billions in revenue and snarled service at pharmacies across the US. Martin and Goldberg are not accused of involvement in that attack.

The-CNN-Wire
™ & © 2025 Cable News Network, Inc., a Warner Bros. Discovery Company. All rights reserved.