Working with the enemy: Ransomware negotiator-turned cyber criminal jailed after working with hackers to extort clients
Angelo Martino was supposed to be negotiating on behalf of victims, but was secretly working for ransomware operators
A ransomware negotiator has been sentenced to 70 months in prison after secretly conspiring with hackers to extort clients.
Angelo Martino, 41, of Land O’Lakes, Florida, worked at US-based cyber incident response company DigitalMint in April 2023 when he started conspiring with the operators of the BlackCat ransomware group.
BlackCat paid Martino to provide confidential information about the negotiating position and strategy of his employer’s clients, along with the details of their ransomware insurance, to help maximize the ransoms paid.
Notably, Martino also conspired with two former cybersecurity professionals between April 2023 and November 2023.
Kevin Martin, 36, of Texas, was hired as Martino’s co-worker at DigitalMint after the conspiracy began. Ryan Goldberg, 41, of Georgia, was manager of incident response at Sygnia.
All told, Martino was found to have extorted five different victims as part of his collaboration with the cyber crime syndicate while the trio also worked to deploy BlackCat ransomware against victims across the country.
Assistant attorney general A. Tysen Duva of the Justice Department’s Criminal Division, said victims had shared “heartbreaking accounts of how their businesses were nearly destroyed” during the trail.
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
“Today’s sentence accounts for the harm Martino caused and demonstrates that the Department of Justice can and will identify and prosecute cybercriminals to the fullest extent of the law.”
Working with the enemy
After successfully extorting one victim for around $1.2 million in Bitcoin, the men split their share of the ransom three ways and laundered the funds through various means.
Jason A. Reding Quiñones, attorney for the Southern District of Florida, said more than $10 million in criminal proceeds have been seized. These assets include digital currency, vehicles, a food truck, and a luxury fishing boat.
A separate hearing has been set for September 17 to decide the amount of restitution to be ordered against Martino.
The Justice Department started working to bring down BlackCat three years ago, developing a decryption tool that allowed FBI field offices across the US and law enforcement partners around the world to help victims restore their systems.
The scheme has reportedly saved victims from paying out $99 million in ransom payments so far. The FBI also seized several BlackCat websites at the same time.
"This case sends a clear message: we will pursue the hackers who deploy ransomware, the insiders who enable them, and the money they steal from American victims,” Quiñones said.
FOLLOW US ON SOCIAL MEDIA
Follow ITPro on Google News and add us as a preferred source to keep tabs on all our latest news, analysis, views, and reviews.
You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
-
Developers are swerving programming fundamentals in favor of AINews O'Reilly has recorded a massive fall in programming fundamentals courses, but that’s not to suggest devs aren’t learning key skills
-
The evolution of digital twinsITPro Podcast No longer just a simple replica of a factory floor, the term digital twin is taking on new meaning
-
‘The risk to every organization has increased exponentially’: The FortiBleed campaign just took a turn for the worseNews Reports suggest that FortiBleed-linked exposed credentials could put UK government and public services at huge risk
-
Hackers are posing as Interpol to target small businesses – here's what you need to knowNews Small businesses are warned to think twice before clicking on links
-
‘Every hour ransomware goes undetected drastically increases its potential blast radius’: Hackers are breaching networks and laying low for longer – and nearly half of firms don’t realize until data is stolenNews An ExtraHop survey found more intrusions are going undetected, leading to longer dwell times
-
US offers $10m bounty for info on Russia-linked hackers behind Signal and WhatsApp attacksNews UNC5792 and UNC4221 have been targeting government officials through their Signal and WhatsApp accounts
-
Duo accused of role in TfL cyber attack plead guilty after ‘lengthy, highly complex, and painstaking investigation’News Around 10 million people are believed to have been affected by the TfL cyber attack
-
Ransomware cartels are fragmenting into volatile splinter groups, warns Met Police cyber chiefNews Commoditized "cyber crime bazaars" and AI data mining are forcing law enforcement to rewrite its playbook
-
Hackers are turning up at law firms to gain physical access to machinesNews The FBI is warning companies to look out for fake IT staff
-
New ransomware threat group, The Gentlemen, has become one of the most active ransomware operators, accounting for 10% of all attacksNews NTT researchers warn that the RaaS group is leveraging SystemBC malware to establish covert tunnelling, evade detection, and support rapid lateral movement across enterprise environments