Ransomware negotiator admits guilt in aiding cybercrime group

Angelo Martino, a former ransomware negotiator, has pleaded guilty to helping cybercriminals carry out extortion schemes against companies during cyberattacks.

On Monday, the U.S. Department of Justice announced that Martino admitted to his role in assisting ransomware operators across five separate incidents. While officially working on behalf of victims through cybersecurity firm DigitalMint, he was found to have secretly shared sensitive negotiation details with the operators of the ALPHV/BlackCat ransomware group.

According to prosecutors, Martino provided attackers with confidential information such as victim insurance coverage limits and internal negotiation strategies. Authorities said his objective was to increase ransom payouts, from which he personally received a share.

Officials described him as the third ransomware negotiator in the past year to be criminally charged for similar conduct.

“Angelo Martino’s clients trusted him to respond to ransomware threats and help thwart and remedy them on behalf of victims,” said Assistant Attorney General A. Tysen Duva in a statement. “Instead, he betrayed them and began launching ransomware attacks himself by assisting cyber criminals and harming victims, his own employer, and the cyber incident response industry itself.”

The ALPHV/BlackCat group operates under a ransomware-as-a-service model, in which developers create and maintain malware, affiliated hackers deploy it in attacks, and they share a portion of the ransom proceeds with the operators.

In earlier enforcement actions last year, U.S. prosecutors also charged another DigitalMint employee, Kevin Tyler Martin, along with Ryan Clifford Goldberg, a former incident response manager at cybersecurity firm Sygnia, for allegedly collaborating with the same ransomware group while working in defensive cybersecurity roles.

At the time, investigators referenced a third individual involved in the scheme without naming him. That individual has now been identified as Martino.

Martino pleaded guilty to extortion and faces up to 20 years in prison. Authorities also confirmed that approximately $10 million in assets have already been seized from him.

The Department of Justice further stated that Martino admitted to collaborating with Goldberg and Martin in deploying ALPHV/BlackCat ransomware against multiple U.S. victims over six months in 2023. During that time, the group allegedly operated as affiliates of the ransomware network and generated more than $1.2 million from a single victim, according to prosecutors.

A spokesperson for DigitalMint said the company was unaware of Martino’s alleged criminal activity and stated that it had terminated the employees involved once the accusations surfaced.

In 2023, an international law enforcement operation disrupted ALPHV/BlackCat by seizing its dark web infrastructure. Authorities also released a decryption tool that helped more than 500 victims recover encrypted systems.