Former cybersecurity experts sentenced to 4 years in prison in the ALPHV/BlackCat case
May 7, 2026
Read also: The Karakurt ransomware negotiator sentenced to over 8 years, ex-medical worker charged for spying on co-workers, and more.

Ex-cybersecurity employees get 4 years in prison in the ALPHV/BlackCat ransomware case
Two former cybersecurity professionals have received prison sentences for their involvement in the ALPHV/BlackCat ransomware operation, which targeted organizations across the United States and globally.
Kevin Tyler Martin, 36, from Texas, and Ryan Clifford Goldberg, 40, from Georgia, each received four-year prison sentences after pleading guilty in December 2025. Prosecutors said that the two men collaborated to deploy the ALPHV/BlackCat ransomware in attacks carried out between April and December 2023, extracting substantial ransom payments from multiple victims.
They worked together with a third accomplice, Angelo Martino, 41, of Florida, who is set to be sentenced in July 2026. Authorities said the group leveraged their professional cybersecurity expertise to execute the attacks more effectively and increase ransom amounts.
At the time, Martin and Martino were employed by DigitalMint, a company focused on ransomware negotiation services, while Goldberg worked as an incident response manager at Sygnia. The ransomware used in the attacks was part of a now-defunct ransomware-as-a-service operation that is said to have affected more than 1,000 victims worldwide.
In one instance, the group extorted about $1.2 million in Bitcoin from a single target. Authorities said Martin and Goldberg shared 80% of the proceeds with Martino and then attempted to conceal the funds through laundering.
Martino, who had previously worked as a ransomware negotiator, is accused of exploiting his role by providing attackers with confidential details about victims’ cyber insurance limits, allowing them to demand higher ransoms. He pleaded guilty last month.
A former pharmacist charged in years-long spyware scheme targeting co-workers
A former pharmacist at the University of Maryland Medical Center has been charged in a cyber intrusion case involving the alleged surveillance and hacking of more than 200 colleagues over nearly a decade.
Prosecutors say Matthew Bathula, 41, of Clarksville, carried out a sophisticated scheme between July 2016 and September 2024 while working as a pharmacy clinical specialist. He faces two counts of unauthorized access to protected computers and one count of aggravated identity theft.
Authorities allege that Bathula used a variety of tools and methods to access victims' work computers and personal accounts, including keyloggers, cookie theft, manipulation of email rules, and other means, in order to harvest victims' usernames, passwords, images, videos, and other sensitive data. This gave him access to a wide range of online services, including Google Photos, iCloud, Gmail, Microsoft 365, and social media accounts. In some cases, he allegedly created email rules that automatically deleted cybersecurity alerts.
Bathula is also accused of installing spyware on company computers to conduct covert video surveillance, recording people without their consent, including female staff members in private situations such as undressing, pumping breast milk, and engaging in intimate activities at home.
If convicted, Bathula faces up to 10 years in prison on one count of unauthorized access to a computer, an additional five years on a second count, and a mandatory two-year sentence for aggravated identity theft.
Karakurt ransomware gang negotiator sentenced to 8.5 years in prison in $56 million case
A Latvian man who worked as a negotiator for a ransomware group has been sentenced to 8.5 years in a US federal prison. Deniss Zolotarjovs, 35, received a 102-month sentence after admitting to conspiracy involving money laundering and wire fraud.
Authorities say he played an important role in ransomware operations linked to a group called Karakurt (aka Conti, TommyLeaks, Royal, Akira, and SchoolBoys Ransomware), which was led by former leaders of the Akira and Conti ransomware gangs. He is the first known member of the Karakurt group to be extradited to the United States to face charges.
The organization operated from Russia’s St. Petersburg and had a hierarchical structure and multiple front companies across several countries to hide its activities. It engaged in corruption, exploited public resources for profit, and included former law enforcement officers who used their connections to access government data, intimidate critics, and recruit members. Its leaders also evaded taxes and paid bribes to secure privileges, including exemptions from military service for members, according to the US Department of Justice.
Zolotarjovs was arrested in Georgia in December 2023 and brought to the United States in August 2024. Between June 2021 and March 2023, he took part in cyberattacks targeting at least 53 victims, causing more than $56 million in losses.
Although he did not carry out the attacks himself, he reviewed the stolen data and handled ransom negotiations. He often communicated directly with victims and advised his team on how to pressure victims into paying. In one case, he allegedly threatened to publish on the dark web sensitive medical records taken from a pediatric healthcare provider.
Prosecutors said he earned about 10% of the ransom payments, which were made in cryptocurrency and later moved through several digital wallets before being converted into Russian rubles.
Two US nationals sentenced in scheme aiding North Korean IT fraud
Two American men have been sentenced to prison for their role in a scheme that generated revenue for the Democratic People's Republic of Korea (DPRK) through fraudulent remote IT work contracts.
Matthew Issac Knoot, of Nashville, Tennessee, and Erick Ntekereze Prince, of New York, were each sentenced to 18 months in prison. According to prosecutors, the two men had assisted a network of foreign IT workers by receiving and hosting company laptops at their residences in the United States.
According to court documents, the defendants allowed the devices to be shipped to their homes by US companies that believed the workers they had hired were based domestically. Knoot and Prince then installed remote desktop software on the laptops, enabling foreign co-conspirators to access the systems and perform work while appearing to operate from within the United States.
Authorities said the schemes were part of a broader effort to funnel money to North Korea. In total, the operations generated more than $1.2 million in revenue and affected nearly 70 US companies.
In an unrelated case, Marlon Ferro, aka 'GothFerrari,' was sentenced in the US to 78 months in prison for his role in a nationwide crypto theft operation that stole more than $250 million via social engineering schemes. Ferro helped the group by burglarizing victims’ homes to steal hardware wallets, including a 2024 theft of 100 bitcoin worth over $5 million. In addition to the prison sentence, he was ordered to pay $2.5 million in restitution and serve three years of supervised release.
Romanian citizen extradited to the United States to face hacking charges
Romanian citizen Gavril Sandu, 53, has been extradited to the United States in connection with an international hacking and bank fraud scheme that dates back nearly 17 years. Sandu was indicted in 2017 on charges of bank fraud and conspiracy, arrested in Romania on January 9, 2026, and transferred to US custody on April 30, 2026.
According to prosecutors, between May 2009 and October 2010, Sandu and his co-conspirators allegedly hacked into the VoIP systems of small businesses and used them to place spoofed phone calls impersonating banks. The scheme, commonly known as “vishing,” tricked victims into disclosing debit card numbers and PINs, which were then used to access bank accounts and steal funds.
According to authorities, Sandu collected the stolen banking credentials, encoded them onto counterfeit magnetic stripe cards, and withdrew cash from compromised ATMs and compromised bank accounts. Prosecutors also allege that he acted as a "money mule," distributing the proceeds among members of the criminal operation.
Following his extradition from Romania, Sandu was placed in federal custody pending trial. If convicted, he faces a maximum sentence of 30 years in prison.