Ransomware Negotiator Guilty of Secretly Supporting BlackCat Extortion Operations
- Apr 21
- 3 min read
Key Findings
Angelo Martino, 41-year-old ransomware negotiator from Florida, pleaded guilty to assisting the BlackCat ransomware group while employed at a U.S. incident response firm
Martino leaked confidential client information including insurance limits and negotiation strategies to BlackCat operators, enabling higher ransom demands across five victim cases starting April 2023
He conspired with two other cybersecurity professionals, Ryan Goldberg and Kevin Martin, to deploy BlackCat ransomware attacks against multiple U.S. companies between April and November 2023
The conspiracy resulted in at least $1.2 million in Bitcoin extorted from one victim, with proceeds split among conspirators
Law enforcement seized over $10 million in assets from Martino including cryptocurrency, vehicles, a food truck, and a luxury fishing boat purchased with illicit funds
Martino faces up to 20 years in prison with sentencing scheduled for July 9, 2026
Background
Angelo Martino worked as a ransomware negotiator for DigitalMint, a U.S.-based incident response firm. His job was to help victims navigate ransom demands and recover from attacks. Beginning in April 2023, he systematically abused this trusted position to assist the BlackCat ransomware group, one of the most prolific extortion operations in the cybercriminal landscape.
The Insider Threat
Martino's role gave him access to sensitive information about ransomware victims at their most vulnerable moments. While negotiating on behalf of five different clients, he secretly shared confidential details with BlackCat operators without his clients' or employer's knowledge. This information included insurance policy limits and internal negotiation strategies that attackers used to calibrate their ransom demands for maximum profit.
In exchange for this assistance, Martino received financial compensation from the ransomware operators. His actions directly harmed the victims he was supposed to help while undermining the entire incident response industry.
The Conspiracy Network
Martino was not acting alone. He conspired with two other cybersecurity professionals who should have known better. Kevin Martin, 36, worked alongside Martino at DigitalMint as another incident responder. Ryan Goldberg, 40, was an incident response manager at cybersecurity firm Sygnia in Georgia.
Between April and November 2023, this trio leveraged their combined cybersecurity expertise to deploy BlackCat ransomware against multiple U.S. victims. Rather than defending companies, they became attackers themselves, using insider knowledge and technical skills to maximize the impact of their extortion campaigns.
Financial Exploitation
The conspiracy was highly profitable. In one documented case, the conspirators successfully extorted approximately $1.2 million in Bitcoin from a single victim. The ransoms were split among the three men and laundered through various financial channels to obscure their criminal origins.
When law enforcement seized Martino's assets, they recovered over $10 million in total proceeds. This included digital currency holdings, multiple vehicles, a food truck, and a luxury fishing boat purchased with money obtained through extortion. The asset seizure provides clear evidence of the scheme's financial scale.
Legal Consequences
Martino pleaded guilty to one count of conspiracy to obstruct, delay or affect commerce through extortion. He is scheduled for sentencing on July 9, 2026, and faces a maximum penalty of 20 years in prison.
His co-conspirators faced the same charges. Kevin Martin and Ryan Goldberg both entered guilty pleas in December 2025 to the identical conspiracy charge. They are scheduled for sentencing on April 30, 2026, and each faces up to 20 years in prison.
Federal judges will determine final sentences based on sentencing guidelines and case circumstances, though the maximum penalty of two decades in federal prison underscores the severity with which prosecutors and courts are treating this breach of trust.
Broader Implications
This case demonstrates a significant vulnerability in cybersecurity infrastructure: the insider threat from trusted professionals. U.S. Attorney Jason A. Reding Quiñones noted that "ransomware victims turned to this defendant for help, and he sold them out from the inside."
The prosecution sends a clear message to cybersecurity professionals that weaponizing their expertise and insider access against victims will result in serious federal charges and substantial prison time. It also highlights how the incident response industry itself can be compromised by bad actors and why vetting and oversight of these firms remains critical for corporate security.
Sources
https://securityaffairs.com/191100/security/ransomware-negotiator-caught-secretly-assisting-blackcat-extortion-scheme.html
https://thehackernews.com/2026/04/ransomware-negotiator-pleads-guilty-to.html

Comments