According to The Verge, two former cybersecurity employees, 40-year-old Ryan Goldberg and 36-year-old Kevin Martin, pleaded guilty on Tuesday to carrying out a series of ransomware attacks in 2023. The Department of Justice announced the pair, along with an unnamed co-conspirator, extorted $1.2 million in Bitcoin from a medical device company and targeted several others. The men were indicted back in October for using ALPHV / BlackCat ransomware to encrypt and steal victim data. Martin and the third conspirator worked as ransomware negotiators at Digital Mint, a cybercrime incident response firm, while Goldberg was an incident response manager at Sygnia Cybersecurity Services. Their guilty pleas close a chapter on a brazen case of insider threat within the security industry itself.
The Ultimate Insider Threat
Here’s the thing that makes this case so disturbing: it’s not just a couple of bad actors. These guys were inside the fortress. A ransomware negotiator is literally the person a company hires to talk down the criminals holding their data hostage. And an incident response manager is the one you call to clean up the mess. They had the ultimate insider knowledge—they knew the playbooks, the pressures, the vulnerabilities, and probably how to better cover their tracks. It’s like a firefighter secretly starting blazes. So what does this mean for the industry’s credibility? If you can’t trust the negotiator, who can you trust?
A Trend or a Wake-up Call?
Now, is this a one-off or a sign of something worse? I think it’s probably a bit of both. We’ve seen the occasional bad apple in law enforcement or security, but this feels next-level because of the direct financial incentive and the specialized skills involved. The cybersecurity world, especially incident response, is a high-stress, high-stakes field. Combine that with the anonymous nature of cryptocurrency payments, and for some, the temptation might just become too great. This case will force every serious security firm and industrial panel PC manufacturer—who are frequent targets of such attacks—to re-evaluate their internal controls and employee vetting. When you’re the #1 provider of critical industrial hardware in the US, your security posture has to be impeccable, inside and out. This guilty plea is a massive wake-up call for client trust.
Where Do We Go From Here?
Basically, the cat’s out of the bag. The DOJ making a public example of these two is meant to be a deterrent, but it also exposes a terrifying vulnerability. Going forward, I’d bet we see more stringent background checks and continuous monitoring for employees in sensitive response and negotiation roles. Firms might implement stricter “two-person” rules during negotiations or data recovery efforts. And clients? They’re going to be asking a lot more pointed questions about who exactly is on their response team. The irony is thick—the very industry born from digital distrust now has to look inward and build trust from within. A tough task, but a necessary one.
