Ransomware Negotiator’s Double Game: How a Trusted Insider Fueled BlackCat Extortions and Faces 20-Year Reckoning

A former ransomware negotiator pleaded guilty to aiding BlackCat attacks while employed to help victims, leaking secrets that boosted extortions and joining direct strikes for profit. Authorities seized $10 million in assets as sentencings loom.
Ransomware Negotiator’s Double Game: How a Trusted Insider Fueled BlackCat Extortions and Faces 20-Year Reckoning
Written by John Marshall

A Florida man trusted to haggle with ransomware gangs turned traitor. Angelo Martino, 41, from Land O’Lakes, pleaded guilty to conspiring in attacks that squeezed millions from U.S. victims. He did it while drawing a paycheck from a cybersecurity firm hired to fight those very crimes.

Court documents paint a stark betrayal. Starting in April 2023, Martino worked as a negotiator at Chicago-based DigitalMint. Victims paid the company for help. Instead, Martino slipped confidential details to ALPHV/BlackCat operators—insurance policy limits, internal bargaining stances. BlackCat paid him back. The info let attackers jack up demands on five companies: a hospitality firm hit with $16.5 million, a nonprofit for $26.8 million, financial services over $25.6 million, retail at $6.1 million, medical devices $213,000. The Register broke down those figures from filings.

But Martino didn’t stop at spying. He teamed with ex-colleagues Ryan Clifford Goldberg, 33, from Georgia, and Kevin Tyler Martin, 28, from Texas. The trio deployed BlackCat ransomware themselves from April to November 2023. Demands topped $16 million across victims. One medical device maker coughed up $1.274 million in Bitcoin. They split it three ways, laundered the rest. All three had cybersecurity pedigrees—Goldberg and Martin also passed through DigitalMint and Sygnia. U.S. Department of Justice detailed the plot in its April 20 press release.

Law enforcement struck hard. Seized $10 million from Martino: cryptocurrency, a food truck, 1999 Nissan Skyline, 2024 Polaris RZR-24 ATV, luxury fishing boat, two Florida properties. Assets bought with dirty money—or straight proceeds. No keeping the spoils.

Betrayal from Within the Response Ranks

“Ransomware victims turned to this defendant for help, and he sold them out from the inside,” U.S. Attorney Jason A. Reding Quiñones said. “As he admitted in court, he abused his position at a cyber incident response company to feed confidential information to BlackCat actors, helping them maximize ransom payments from American victims.” That’s from the DOJ release. Assistant Attorney General A. Tysen Duva added: “Angelo Martino’s clients trusted him to respond to ransomware threats and help thwart and remedy them on behalf of victims. Instead, he betrayed them and began launching ransomware attacks himself.”

DigitalMint fired back fast. “The actions of Martino and his co-conspirators, unknown to the company, were in clear violation of the company’s values, ethical standards, and the law,” a spokesperson told The Register. “DigitalMint was also an unknowing victim.” CEO Jonathan Solomon echoed to BleepingComputer: “We strongly condemn these former employees’ criminal behavior.” Firm cooperated fully post-discovery.

Goldberg and Martin flipped first, pleading guilty in December 2025. Their sentencings hit April 30, 2026. Martino follows July 9. All face max 20 years, guided by federal factors. Conspiracy to obstruct commerce by extortion seals the charge. SecurityWeek calls it the third such U.S. expert admission, spotlighting insider rot.

BlackCat’s shadow looms large. The gang struck over 1,000 targets from 2021-2023. Feds disrupted it in December 2023—FBI decryption tool spared victims $99 million, seized sites. But affiliates like Martino kept the pain going. A $22 million Change Healthcare payout marked its messy end, exit scam suspected. U.S. offers $10 million reward for BlackCat bosses. No charges yet. FBI Miami led, with Secret Service aid.

Insider Threats Reshape Victim Defenses

These pleas expose fractures in ransomware response. Negotiators hold keys: victim finances, tolerance for pain. One leak tilts the field. Firms now scrutinize staff harder. Victims hesitate. “The FBI works every day to dismantle the ransomware ecosystem,” Assistant Director Brett Leatherman said in the DOJ release. “That includes apprehending key facilitators like Angelo Martino, who abused the trust placed in him.”

Prosecutors from DOJ’s Computer Crime section—Christen Gallagher, Jorge Gonzalez—and Southern District of Florida’s Thomas Haggerty, Quinshawna Landon pushed the case. Asset forfeiture by Mitchell Hyman. Middle District Florida chipped in.

Pattern emerging. Cybersecurity pros flipping sides. Trust erodes. Victims pay more. Or walk away scarred. Martino’s fall warns: Expertise cuts both ways. Sharpest knives hide in the kitchen.

Subscribe for Updates

CybersecurityUpdate Newsletter

The CybersecurityUpdate Email Newsletter is your essential source for the latest in cybersecurity news, threat intelligence, and risk management strategies. Perfect for IT security professionals and business leaders focused on protecting their organizations.

By signing up for our newsletter you agree to receive content related to ientry.com / webpronews.com and our affiliate partners. For additional information refer to our terms of service.

Notice an error?

Help us improve our content by reporting any issues you find.

Get the WebProNews newsletter delivered to your inbox

Get the free daily newsletter read by decision makers

Subscribe
Advertise with Us

Ready to get started?

Get our media kit

Advertise with Us