Light bulb Limited Spots Available: Secure Your Lifetime Subscription on Gumroad!

Apr 22, 2026 · 6 min read

The Ransomware Negotiator Hired to Help Victims Was Secretly Working for BlackCat—He Just Pleaded Guilty

Angelo Martino, a 41 year old ransomware negotiator at cryptocurrency broker DigitalMint, admitted to feeding victims' insurance policy limits and negotiation strategies directly to the ALPHV/BlackCat ransomware group. He faces up to 20 years in prison.

A dimly lit office desk with two phones, one receiving a call while the other displays a dark chat interface, symbolizing a double agent working both sides of a ransomware negotiation

The Guilty Plea

On April 21, 2026, Angelo Martino, a 41 year old Florida man, pleaded guilty in federal court to one count of conspiracy to obstruct, delay, or affect commerce by extortion. He faces a maximum penalty of 20 years in prison. Sentencing is scheduled for July 9, 2026.

Martino worked as a ransomware negotiator at DigitalMint, a cryptocurrency broker that helps companies pay ransom demands during cyberattacks. His job was to negotiate on behalf of victims, trying to reduce the ransom amount and facilitate payment. Instead, he was secretly working for the attackers.

How the Betrayal Worked

Beginning in April 2023, Martino used his position at DigitalMint to assist the ALPHV/BlackCat ransomware group. Working as a negotiator on behalf of five different ransomware victims, he passed confidential information to the attackers without his clients' or employer's knowledge.

The information he leaked was devastating for victims' negotiating positions:

  • Insurance policy limits, telling attackers exactly how much victims could pay
  • Internal assessments of the damage, revealing how desperate victims were
  • Negotiation strategies, allowing attackers to counter every move

Imagine hiring a lawyer to defend you in court, only to discover your lawyer has been sharing your case file with the prosecution. That is what Martino did to companies already in crisis.

Not Just Leaking Information

Martino did not stop at passing intelligence. According to the Department of Justice, he also admitted to actively helping deploy ALPHV/BlackCat ransomware against several U.S. victims for six months in 2023, working alongside two co conspirators: Kevin Tyler Martin and Ryan Clifford Goldberg.

After extorting approximately $1.2 million in Bitcoin from one victim, the group split the proceeds evenly and laundered the funds through a series of cryptocurrency transactions.

Law enforcement seized $10 million in assets from Martino, including cryptocurrency, vehicles, a food truck, and a luxury fishing boat, all purchased with proceeds linked to the operation.

A Pattern of Insider Corruption

Martino is the third ransomware professional prosecuted in the past year for secretly aiding attackers. The pattern suggests a systemic problem: the ransomware response industry, which has grown rapidly alongside the threat itself, has created roles with inherent conflicts of interest.

Ransomware negotiators sit at the intersection of victim desperation and criminal profit. They see insurance policy details, understand exactly how much pressure victims are under, and communicate directly with threat actors. For someone willing to cross ethical and legal lines, the incentive structure is tilted heavily toward corruption.

ALPHV/BlackCat itself operated as a ransomware as a service platform, where affiliates would deploy the malware and share the profits with the developers. Law enforcement disrupted the gang's infrastructure in late 2023, but the group briefly resurged before eventually going dark. The operation was linked to major attacks including the Scattered Spider phishing campaign that hit MGM, Coinbase, and Mailchimp.

What This Means for Organizations

If your organization ever faces a ransomware attack, you will likely hire outside help, including negotiators, forensic investigators, and legal counsel. The Martino case is a warning that those helpers need to be vetted as carefully as any other vendor with access to sensitive information.

Steps organizations should take:

  • Vet ransomware response firms thoroughly before an incident occurs, not during one
  • Limit the information shared with negotiators to only what is necessary for the current negotiation
  • Use separate communication channels for internal strategy discussions that are not shared with the negotiation team
  • Require background checks and conflict of interest disclosures from all incident response personnel
  • Consider having your legal team manage the relationship with the negotiator rather than giving the negotiator direct access to your executive team

The Bigger Picture

The ransomware economy has grown into a multibillion dollar industry. The FBI reported that Americans lost $17.6 billion to cyber fraud in 2025, with business email compromise and ransomware as leading contributors. That scale of money creates opportunities for corruption at every point in the response chain.

Martino's case reveals a particularly insidious vulnerability: the people hired to protect victims can become the greatest threat to them. When trust is weaponized, every ransomware negotiation becomes a potential trap. And until the industry develops better oversight mechanisms, the next Angelo Martino may already be on a victim's payroll.

Stop Email Tracking in Gmail

Spy pixels track when you open emails, where you are, and what device you use. Gblock blocks them automatically.

Try Gblock Free for 30 Days

No credit card required. Works with Chrome, Edge, Brave, and Arc.