US Charges BlackCat Ransomware Negotiator in Major Crackdown

In a significant development for cybersecurity enforcement, the U.S. Department of Justice has unsealed charges against a former ransomware negotiator accused of secretly collaborating with the notorious BlackCat (ALPHV) ransomware gang. This case highlights the complex and troubling threat of insider involvement within the very companies hired to defend against such digital extortion.

Angelo Martino faces a federal charge of conspiracy to interfere with interstate commerce by extortion. He surrendered to authorities in March. Court documents reveal that while employed as a negotiator at cybersecurity firm DigitalMint, Martino allegedly shared confidential details about active negotiations with the operators of the BlackCat ransomware. His role was ostensibly to help victims, but prosecutors claim he was working against them.

The alleged criminal activity spanned from April 2023 to April 2025. During this period, Martino is accused of working directly with two accomplices: Kevin Tyler Martin, another former DigitalMint employee, and Ryan Goldberg, a former incident response manager at a different security firm, Sygnia. Martino was previously referenced anonymously in an earlier indictment from October 2025 that charged Martin and Goldberg; both of those individuals have since pleaded guilty and await sentencing.

According to the Justice Department, the trio operated as affiliates for the BlackCat operation. They are accused of launching attacks, demanding ransom payments, and threatening to publish stolen data from victim networks. In a typical affiliate model, they reportedly paid the core BlackCat administrators a twenty percent cut of all ransoms collected in exchange for using the group’s ransomware tools and extortion platform.

The impact of their alleged scheme was substantial, targeting at least five U.S. organizations. One nonprofit entity was forced to pay a ransom exceeding $26.7 million, while a financial services company paid over $25.6 million. Other victims came from a broad spectrum of sectors, including healthcare providers, legal practices, educational institutions, and additional financial firms.

DigitalMint’s CEO, Jonathan Solomon, addressed the situation in a statement. He strongly condemned the former employees’ actions, confirming the company terminated both Martin and Martino upon discovery of their conduct. Solomon emphasized that DigitalMint has cooperated fully with law enforcement since the investigation began and does not anticipate further charges against the company. He acknowledged that while insider risk can never be fully eliminated, the firm has taken the incident seriously by enhancing its internal safeguards and controls to prevent future misconduct.

The BlackCat ransomware operation, also known as ALPHV, has been a persistent threat. The FBI has previously connected the group to more than sixty data breaches in a short four-month period. In a separate advisory, the bureau estimated that the cybercriminal gang had extorted at least $300 million from over a thousand victims globally by late 2023.

This case echoes long-standing concerns about conflicts of interest in the ransomware recovery industry. Years prior, investigative reports raised alarms that some data recovery firms were secretly paying ransom gangs on behalf of clients while charging those same customers for restoration services, without disclosing the dual nature of their payments. The current charges against a professional negotiator underscore how insider threats can critically undermine trust in cybersecurity defenses.

(Source: Bleeping Computer)