This ransomware negotiator was hired to combat hackers but was secretly collaborating with them instead.

Title: “Double Agent: The Ransomware Negotiator Who Became a Hacker’s Ally”


In a shocking twist of betrayal, federal prosecutors have disclosed that a ransomware negotiator, tasked with aiding victims of cyberattacks, turned rogue. Angelo Martino, 41, was sentenced to an extensive 70 months in prison after admitting to colluding with the notorious BlackCat ransomware group. This case uncovers a troubling breach of trust in the battle against cybercrime, showcasing how Martino exploited his role for personal gain.

Martino was formerly employed by DigitalMint, a company dedicated to guiding businesses through ransomware crises, including negotiations with cybercriminals. In this capacity, he had access to critical victim information such as ransom demands, insurance details, and internal negotiation tactics. However, instead of protecting this sensitive data, Martino allegedly provided it directly to the attackers he was meant to combat.

Court documents reveal that Martino maintained communication with BlackCat operators through an array of channels, including encrypted messaging platforms and an intermediary function within BlackCat’s infrastructure. According to prosecutors, these clandestine communications allowed Martino to provide the attackers with intimate knowledge of the victims’ operations.

As outlined in court filings, Martino’s knowing leak of information was aimed at maximizing ransom payments from victims to the BlackCat group. The insights he offered—which included insurance coverage limits and negotiation strategies—were instrumental in shaping how much ransom was ultimately demanded. From April to September 2023, victims were extorted for more than $75 million, with Martino’s insider knowledge likely prompting inflated ransom demands.

The fallout from Martino’s actions stretched across various sectors, impacting organizations in finance, healthcare, retail, and non-profits. The repercussions of these attacks went beyond financial losses, disrupting services and operational capabilities.

Martino’s journey into the BlackCat underworld took a further dark turn in May 2023 when he acquired affiliate access to the ransomware platform—typically reserved for trusted partners capable of deploying malware. This access was shared with two co-conspirators, facilitating additional attacks that spanned beyond his initial clients.

In one egregious case, a medical device corporation fell victim to Martino’s group, ultimately paying $1.2 million. Not all victims complied, but many faced serious operational and financial challenges due to the attacks initiated under Martino’s watch.

Prosecutors highlighted that Martino profited significantly from this illegal scheme, receiving millions in cryptocurrency linked to the ransomware attacks. While some funds were seized by law enforcement, Martino had already converted portions of those assets into luxury items, including homes, vehicles, and even a boat.

Despite seeking a lenient 24-month sentence due to his cooperation with authorities, Martino’s actions were deemed egregious. His co-conspirators, Kevin Martin and Ryan Goldberg, were handed four-year sentences earlier in the year—a reflection of the severity of their conspiracy.

This case shines a glaring spotlight on the inherent risks surrounding ransomware negotiations. Law enforcement has underscored the profound breach of trust exemplified by Martino’s actions. “Angelo Martino sold out the very victims he was hired to protect, compromising their negotiating position for personal gain,” stated Brett Leatherman, Assistant Director of the FBI Cyber Division.

The BlackCat group, also known as ALPHV, functions as a ransomware-as-a-service operation, providing malicious tools to affiliates who execute attacks and share the lucrative spoils. Despite attempts by law enforcement to thwart their operations, the group has remained resilient.

DigitalMint expressed shock at Martino’s duplicity. The company asserted it was unaware of his nefarious activities and described itself as another victim of the ransomware scheme. Following the revelations, DigitalMint severed ties with the implicated workers and pledged full cooperation with investigators.

This incident serves as a cautionary tale, revealing the vulnerabilities in ransomware response efforts where negotiators might unknowingly operate within systems controlled by attackers. Prosecutors confirm that access intended to aid victims was instead manipulated to fuel the very criminals they were trying to defeat.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top