By Jake Bleiberg, Bloomberg
Three employees at cybersecurity companies spent years moonlighting as criminal hackers, launching their own ransomware attacks in a plot to extort millions of dollars from victims around the country, US prosecutors alleged in court filings.
Ryan Clifford Goldberg, the former director of incident response at Sygnia Consulting Ltd., and Kevin Tyler Martin, who was a ransomware negotiator for DigitalMint, were charged with working together to hack five businesses starting in May 2023. In one instance, they, along with a third person, received a ransom payment of nearly $1.3 million worth of cryptocurrency from a medical device company based in Tampa, Florida, according to prosecutors.
The trio worked in a part of the cybersecurity industry that has sprung up to help companies negotiate with hackers to unfreeze their computer networks — sometimes by paying ransom. They are also accused of sharing their illicit profits with the developers of the type of ransomware they allegedly used on their victims.
DigitalMint informed some customers about the charges last week, according to a document seen by Bloomberg News.
The other person who was allegedly involved in the scheme was also a ransomware negotiator at the same firm as Martin but wasn’t charged, according to court records. The person wasn’t identified in court records, nor are the companies that the defendants’ former employers.
Sygnia confirmed Goldberg had worked there. Martin last year gave a talk at a law school, which listed him as an employee of DigitalMint.
Goldberg is being held in a federal jail in Florida and his lawyer, federal public defender MaeAnn Renee Dunker, declined to comment. Court records don’t indicate whether Goldberg has entered a plea.
Martin, who was released on bond, has pleaded not guilty. His lawyer, Tor Ekeland, declined to comment.
The Chicago Sun-Times previously reported the charges.
DigitalMint President Marc Jason Grens said Martin’s alleged crimes were “completely outside the scope of his employment.” He said the third alleged conspirator “may have also been a company employee,” but he pointed out the indictment doesn’t accuse the Chicago-based firm of having “any knowledge of or involvement in the criminal activity.”
DigitalMint is not a target of the investigation, is cooperating with investigators and the “co-conspirators did not access or compromise client data as part of the charged conduct,” Grens said in an email. “No one potentially involved in the charged scheme has worked at the company in over four months,” he said.
Sygnia isn’t a target of the investigation and continues to work closely with investigators, said Andrea MacLean, a spokesperson. Sygnia, which has its headquarters in Israel, fired Goldberg “immediately upon learning of the situation,” MacLean said.
In ransomware attacks, hackers extort victims by freezing their computer systems, encrypting their data or threatening to release sensitive information online unless the attackers are paid. Extortion payments can run into the tens of millions of dollars and the attacks are estimated to cause billions of dollars in losses globally each year.
According to prosecutors, starting in May 2023, the two men began accessing outside companies’ computer systems, installing a type of ransomware known as ALPHV BlackCat and using it to steal and encrypt the victims’ data. In addition to the company in Tampa, Goldberg, Martin and the third person also tried to extort a Maryland pharmaceutical company, a drone manufacturer based in Virginia, an engineering firm and doctor‘s office, both of which are in California, prosecutors said. None of the companies are identified in court records.
The FBI and the US attorney’s office in Miami, which brought the case, didn’t respond to a request for comment on the case.
More stories like this are available on bloomberg.com
©2025 Bloomberg L.P.