Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023
l'3dou men ldakhel: mofawid dyal Ransomware hterf b-li t3awn m3a l-gang dyal BlackCat
The Enemy Within: Professional Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks
TL;DR
Angelo Martino, a former professional ransomware negotiator, has pleaded guilty to conspiring with the BlackCat (ALPHV) ransomware gang. Martino betrayed his clients by feeding confidential negotiation strategies and insurance limits to attackers to maximize ransom payouts, while also directly participating in the deployment of malware against U.S. companies.
In a startling breach of professional ethics and cybersecurity trust, a professional ransomware negotiator has admitted to playing both sides of the fence. Angelo Martino, 41, of Land O'Lakes, Florida, pleaded guilty this week to charges involving the extortion of U.S. companies in collaboration with the notorious BlackCat ransomware group.
This case highlights a disturbing trend of "insider threats" within the very incident response (IR) firms that victims hire for protection.
A Double Agent in the Negotiation Room
Beginning in April 2023, Martino utilized his position as a negotiator at the firm DigitalMint to sabotage the victims he was hired to protect. According to the U.S. Department of Justice (DoJ), Martino represented five different ransomware victims while simultaneously feeding their confidential information to the BlackCat attackers.
Martino provided the cybercriminals with:
- Insurance policy limits: Allowing attackers to know exactly how much a company could afford to pay.
- Internal negotiation positions: Revealing the victim's "bottom line" and strategy.
- Confidential strategy: Giving the attackers the upper hand to demand higher ransoms.
By providing these details without the permission of his employer or his clients, Martino ensured the e-crime gang could extract the maximum possible amount from struggling businesses. In exchange for this "inside track," Martino received financial compensation from the attackers.
Beyond Negotiation: Deploying the Malware
The investigation revealed that Martino’s involvement went deeper than just bad-faith negotiations. He admitted to working with two other incident response professionals—Ryan Goldberg and Kevin Martin—to actively deploy BlackCat ransomware against multiple U.S. victims between April and November 2023.
The trio formed a sophisticated criminal cell within the industry:
- Angelo Martino & Kevin Martin: Employed by DigitalMint.
- Ryan Goldberg: An incident response manager for the cybersecurity firm Sygnia.
In one documented instance, the group successfully extorted approximately $1.2 million in Bitcoin from a single victim. The proceeds were split among the conspirators and laundered to hide the trail.
Forfeitures and Sentencing
The scale of the illicit operation was reflected in the assets seized by federal authorities. Officials seized approximately $10 million in assets from Martino, ranging from digital currency to physical luxury items including:
- Multiple vehicles
- A food truck
- A luxury fishing boat
Martino pleaded guilty to one count of conspiracy to obstruct, delay, or affect commerce by extortion. He faces a maximum penalty of 20 years in federal prison, with sentencing scheduled for July 9, 2026. His co-conspirators, Goldberg and Martin, pleaded guilty in December 2025 and are expected to be sentenced later this month.
A Betrayal of the Cybersecurity Industry
The case has sent shockwaves through the incident response community. Assistant Attorney General A. Tysen Duva emphasized the gravity of the betrayal, stating that Martino "harmed victims, his own employer, and the cyber incident response industry itself."
For organizations currently dealing with ransomware, this case serves as a grim reminder to perform due diligence not just on the attackers, but on the third-party responders hired to manage the crisis.
Source: https://thehackernews.com/2026/04/ransomware-negotiator-pleads-guilty-to.html
