Ransomware negotiator hired to represent victims was working for the attackers

logickkk11 pts0 comments

Ransomware negotiator hired to represent victims was working for the attackers - Ars Technica

Skip to content

AI

Biz & IT

Cars

Culture

Gaming

Health

Policy

Science

Security

Space

Tech

Forum

Subscribe

Story text

Size

Small<br>Standard<br>Large

Width

Standard<br>Wide

Links

Standard<br>Orange

* Subscribers only

Learn more

Pin to story

Theme

Search

Sign In

Sign in dialog...

Text<br>settings

Story text

Size

Small<br>Standard<br>Large

Width

Standard<br>Wide

Links

Standard<br>Orange

* Subscribers only

Learn more

Minimize to nav

A former ransomware negotiator was sentenced to 70 months in prison yesterday after colluding with BlackCat scammers to extort the victims he was hired to protect.

As a ransomware negotiator for the company DigitalMint, Florida resident Angelo Martino’s job was “to negotiate with cybercriminals to mitigate the ransoms paid by [DigitalMint’s] clients,” the US government said in a sentencing memorandum on Tuesday. “Instead, Martino provided the cybercriminals with confidential negotiation information to maximize the ransoms in exchange for a portion of the ransom payments. Five of the victims whom Martino was supposed to help paid over $75 million to ransomware affiliates, including likely millions of dollars in ransom demands inflated as a result of the confidential information provided by Martino.”

Martino, 41, pleaded guilty and asked for a 24-month sentence, noting that he “provided substantial assistance that contributed to the indictment and conviction of two co-defendants.” As described in this November 2025 article, the co-defendants were Texas resident Kevin Martin, a ransomware negotiator for DigitalMint, and Georgia resident Ryan Goldberg, an incident manager at security firm Sygnia.

Martino had not yet been named by authorities when charges against Martin and Goldberg were announced last year. Martin and Goldberg were each sentenced to four years in prison in April 2026.

To compensate victims, Martino must forfeit property and pay 10 percent of any salary he earns after release. The government is due to submit a proposed order of forfeiture by next week.

Martino received millions of dollars in cryptocurrency as proceeds from the conspiracy, according to a factual proffer signed by Martino and US prosecutors. The FBI seized cryptocurrency from Martino, though he had already used much of it to buy two houses in Florida, a boat, and several vehicles.

“Sold out the very victims he was hired to represent”

Martino was charged in February with conspiracy to interfere with interstate commerce by extortion. He faced a maximum sentence of 20 years. The US said that sentencing guidelines based on Martino’s limited criminal history suggest a range of 70 to 87 months, and recommended “a sentence of at least the mid-point of this range.”

Victims of the scheme paid ransoms ranging from $213,000 to $26.8 million between April 2023 and September 2023. Besides the financial loss, the conspiracy “affected the ability of victims including companies in the financial services and health industry to provide services to customers,” the US said. Victims included a hospitality company, a nonprofit, a financial services company, a retail company, and a medical company, all of which had hired DigitalMint.

“Angelo Martino sold out the very victims he was hired to represent, handing their confidential negotiating positions to BlackCat actors to drive up ransoms and enrich himself,” FBI Cyber Division Assistant Director Brett Leatherman said yesterday.

Ransomware encrypts and steals data from computer networks in order to extort ransom payments. BlackCat, also known as ALPHV, caused chaos in the healthcare system by taking down the Change Healthcare payment network in February 2024 and was used against hundreds of other victims. The FBI said in December 2023 that it developed a decryption tool that gave victims the ability to restore their systems and seized several websites used by the ransomware group.

BlackCat administrators granted access to “affiliates,” who deployed the ransomware against victims and typically gave 20 percent of the proceeds to the BlackCat administrators. The government is still offering rewards of up to $10 million for information on BlackCat administrators and affiliates.

Martino and co-conspirators, in addition to working against their own clients’ interests, deployed the BlackCat ransomware themselves against five other victims, according to the US government.

“Martino further used his knowledge of ransomware and connections with ransomware actors to secure an affiliate account for himself, Martin, and Goldberg with ALPHV BlackCat,” the US said. “As an ALPHV BlackCat affiliate, the three men deployed ransomware against five victims, successfully extorting one payment for $1.2 million [from a medical device company]. Although the other victims did not pay the ransom demand, they nevertheless suffered consequential losses from the attacks.”

Chats with...

victims martino ransomware blackcat hired standard

Related Articles