Ransomware Negotiator Confesses to Aiding Attacks
▼ Summary
– A Florida man named Angelo Martino pleaded guilty to conspiring in ransomware attacks against U.S. companies.
– Martino abused his role as a ransomware negotiator at DigitalMint to secretly pass confidential client information to the BlackCat/ALPHV ransomware group.
– Two other cybersecurity professionals, Ryan Goldberg and Kevin Martin, were also involved and have pleaded guilty to the same conspiracy charge.
– The conspirators extorted a victim for about $1.2 million in Bitcoin and laundered the proceeds, leading to the seizure of $10 million in assets from Martino.
– All three men face up to 20 years in prison, with Martino’s sentencing scheduled for July 9.
A Florida man who previously worked as a ransomware negotiator has admitted to conspiring with cybercriminals to attack American businesses. Angelo Martino, 41, exploited his position at the cryptocurrency broker DigitalMint, a firm that assists victims in paying ransoms, to secretly funnel confidential client data to attackers. This case highlights a profound betrayal of trust within the cybersecurity sector, where professionals tasked with defense instead enabled harm.
Martino did not act alone. Two other men, Ryan Goldberg of Georgia and Kevin Martin of Texas, were also implicated. All three possessed backgrounds in cybersecurity, leveraging their industry knowledge and skills for criminal gain. While Martino and Martin worked as negotiators at DigitalMint, Goldberg served as an incident response manager for Sygnia Cybersecurity Services.
Starting in April 2023, Martino used his insider access to aid the notorious BlackCat/ALPHV ransomware group. While officially representing five different victim companies in negotiations, he covertly provided the attackers with critical information about his clients’ confidential strategies and financial positions. This data included details like insurance policy limits and internal assessments, which gave the criminals a clear advantage in understanding how much a victim could pay and how to steer the talks.
Following one successful extortion that netted approximately $1.2 million in Bitcoin, the group divided the proceeds and engaged in money laundering through complex transactions. Authorities have since seized $10 million in assets from Martino, including cryptocurrency, vehicles, a food truck, and a luxury fishing boat purchased with illicit funds.
Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division condemned Martino’s actions, stating he betrayed the very clients who trusted him to mitigate threats. Instead of helping to thwart attacks, Martino actively assisted cybercriminals, causing damage to victims, his employer, and the integrity of the incident response industry.
Martino pleaded guilty to one count of conspiracy to commit extortion affecting interstate commerce. His sentencing is scheduled for July 9, and he could receive a maximum penalty of 20 years in federal prison. His co-conspirators, Kevin Martin and Ryan Goldberg, entered separate guilty pleas to the same charge in December 2025. They are set for sentencing on April 30 and also face potential 20-year prison terms.
This prosecution follows a major law enforcement operation in late 2023 that disrupted the BlackCat/ALPHV group by taking control of its data leak site. The case underscores the ongoing legal and investigative efforts to combat ransomware threats and hold facilitators accountable, even when they operate from within the security industry itself.
(Source: Help Net Security)
