    Two Security Experts Jailed for Helping Ransomware Gang They Were Hired to Fight

    Two US cybersecurity professionals were sentenced to four years in prison for secretly aiding ransomware attackers while being paid to help victims recover.

    Source: GetCyberRight Intelligence

    Original headline: Security Experts Sentenced for Ransomware Collusion

    Plain-English summary by GetCyberRight. Read the full report at the source above.

    Published Friday, May 1, 2026
    When the People You Hire to Help Are Working for the Enemy

    Two cybersecurity professionals who were supposed to protect ransomware victims were just sentenced to four years in prison for secretly helping the attackers. Ryan Goldberg and Kevin Martin worked both sides of the crime, collecting fees from victims while feeding information to the ransomware gang. This case reveals a troubling truth: not everyone offering to help during a cyberattack can be trusted.

    The Details

    Goldberg and Martin ran what appeared to be a legitimate incident response business. Companies and organizations hit by ransomware would hire them to negotiate with attackers and help recover encrypted files. These victims trusted them completely during their most vulnerable moments.

    But behind the scenes, both men were colluding with the ransomware gang itself. They shared victim information with the attackers. They helped the criminals understand which victims could afford to pay more. In some cases, they even helped the gang improve their attack methods. All while charging victims thousands of dollars for their "services."

    This wasn't a case of good people who made one bad decision. These were security experts who built an entire business model around betrayal. They knew exactly what they were doing, and they did it repeatedly for financial gain.

    Who Is Affected

    Small businesses face the biggest risk from this kind of deception. When you're hit with ransomware, you're already in crisis mode. Your systems are locked, your data is held hostage, and you're desperate for help. You don't have time to thoroughly vet every security consultant who offers assistance.

    Anyone who has hired or might hire an incident response firm should pay attention to this case. That includes medical practices, law firms, accounting offices, retailers, and any organization that handles sensitive data. The people you bring in during an emergency have access to everything: your systems, your financials, your customer data, and your vulnerabilities.

    What You Should Do Right Now

    1. Vet security consultants before you need them. Research and identify trusted incident response firms now, while you're not in crisis mode. Check references, verify certifications, and confirm they have no complaints with the Better Business Bureau.

    2. Ask your cybersecurity insurance provider for their approved vendor list. Most cyber insurance policies include a list of pre-vetted incident response teams. Save this list where you can find it during an emergency.

    3. Never hire the first person who contacts you after an attack. Criminals sometimes pose as security experts and reach out to victims immediately. Always verify credentials independently.

    4. Require transparency about any connections to threat actors. Legitimate firms should clearly explain their intelligence sources and never have inappropriate relationships with criminal groups.

    5. Document everything during incident response. Keep records of all communications, recommendations, and payments. This protects you if something seems wrong later.

    The Bigger Picture

    This case highlights why independent verification matters in cybersecurity. The industry has grown quickly, and not everyone in it has good intentions. Some see desperate victims as opportunities rather than people to protect. Staying informed about cases like this helps you recognize red flags and ask better questions when choosing who to trust with your digital security.

    How GetCyberRight Can Help

    Our Cyber Threat Radar tool helps you track verified threat intelligence and validate security advisories before making critical decisions. When someone tells you there's an urgent threat or offers emergency services, you can check trusted sources to confirm the situation is real. This simple step can protect you from both real attacks and the criminals who pretend to fight them.
