Former Ransomware Negotiators Pleads Guilty to Running BlackCat Attacks Against the Companies They Were Hired to Protect
Angelo Martino, a 41-year-old former ransomware negotiator at cybersecurity incident response firm DigitalMint, has pleaded guilty to targeting U.S. companies with BlackCat (ALPHV) ransomware while simultaneously working as a negotiator supposedly helping victims resolve attacks. Martino is the third defendant to plead guilty in a case that exposes one of the most brazen insider compromises in the cybersecurity industry's history.
According to court documents, Martino shared confidential information about victims' negotiation positions and insurance policy limits directly with BlackCat operators while engaged as their negotiator on at least five cases. This gave the ransomware crew precise knowledge of how much each victim could pay, enabling them to extract maximum ransoms. The betrayal is staggering in its simplicity — the person hired to minimize damage was actively maximizing it.
Martino operated alongside two co-conspirators: Ryan Clifford Goldberg, 33, formerly of Sygnia and DigitalMint, and Kevin Tyler Martin, 28, also of DigitalMint. Both have already pleaded guilty to conspiracy to obstruct commerce by extortion and face up to 20 years in prison. Between April 2023 and April 2025, all three functioned as BlackCat affiliates — deploying ransomware, demanding payments, and threatening to leak stolen data. They paid BlackCat administrators a 20% cut of all ransom proceeds in exchange for access to the ransomware and extortion portal.
The sums involved are enormous. Among their victims were a financial services firm that paid $25.6 million and a nonprofit that paid $26.8 million in ransom. Additional targets included law firms, school districts, medical facilities, and other financial services companies.
Martino was initially identified only as "Co-Conspirator 1" in an October 2025 indictment before being named in court documents unsealed in March 2026. DigitalMint CEO Jonathan Solomon confirmed that both Martino and Martin were terminated after their conduct was discovered, stating the company condemned the behavior as a violation of its values and ethical standards.
BlackCat/ALPHV was one of the most prolific ransomware operations in recent years. The FBI linked it to more than 60 breaches between November 2021 and March 2022 alone, and the gang collected at least $300 million in ransom payments from over 1,000 victims through September 2023.
Why This Matters:
This case exposes a fundamental trust vulnerability in the incident response ecosystem. Organizations under ransomware attack place enormous trust in their negotiators — sharing insurance details, financial constraints, board decisions, and legal strategy. A compromised negotiator doesn't just fail to help; they become the most dangerous adversary in the room, armed with information the attacker could never obtain through technical means alone. Organizations engaging third-party IR and negotiation firms should scrutinize vetting processes, compartmentalize sensitive information, and consider whether a single negotiator should have visibility into both insurance limits and active threat actor communications simultaneously.
