Two former cybersecurity professionals—once trusted to defend organizations against cyberattacks—have pleaded guilty to conducting a series of ransomware attacks that extorted nearly $1.3 million from a U.S. medical device company. The case, detailed in federal court filings and multiple investigative reports, is among the most striking insider‑betrayal incidents in the cybersecurity industry to date.

According to court documents, Kevin Tyler Martin, formerly a ransomware negotiator at Chicago‑based DigitalMint, and Ryan Clifford Goldberg, an incident response supervisor at Sygnia, admitted to participating in a coordinated ransomware campaign in 2023. Both men entered guilty pleas in federal court in Miami, acknowledging their roles in hacking the victim company’s systems, deploying ransomware, and extorting cryptocurrency payments to restore access.

Investigators revealed that Martin and Goldberg leveraged their insider knowledge of ransomware response workflows—knowledge gained through their legitimate employment—to execute attacks more effectively. Their scheme involved breaching corporate networks, stealing sensitive data, and deploying malware associated with the ALPHV/BlackCat ransomware group. The pair successfully extracted more than $1 million in cryptocurrency from a Florida‑based medical device firm, according to court filings.

The Chicago Sun‑Times reported that Martin was employed as a ransomware threat negotiator at DigitalMint during the conspiracy, a company known for assisting victims in navigating extortion demands. Goldberg, meanwhile, held a senior role in incident response at Sygnia, a global cybersecurity consultancy. Their employers immediately terminated both once their illicit activities came to light.

Federal prosecutors emphasized that the men’s professional backgrounds gave them unique insight into how organizations respond to ransomware incidents—insight they weaponized for personal gain. The pair now face up to 20 years in prison, along with fines and supervised release conditions, under charges of conspiracy to interfere with commerce by extortion.

This case underscores the growing risk posed by insider threats within the cybersecurity sector, where employees often have privileged access to sensitive systems, threat intelligence, and defensive playbooks. Security experts warn that organizations must strengthen internal monitoring, enforce strict access controls, and conduct continuous vetting—even for trusted cybersecurity personnel.

As the industry grapples with this high‑profile betrayal, the incident serves as a stark reminder: the line between defender and attacker can be dangerously thin when insider access is abused.