WTF?! Federal prosecutors say a ransomware negotiator exploited the very channels used to handle cyberattacks, turning delicate breach information into leverage for the hackers he was speculated to battle. That negotiator, Angelo Martino, 41, was sentenced to 70 months in jail after pleading responsible to conspiring with associates of the BlackCat ransomware operation.
Martino labored for DigitalMint, a agency that helps firms navigate ransomware incidents, together with negotiating funds with attackers. In that position, he labored on energetic breach instances and had entry to detailed details about victims, together with ransom calls for, insurance coverage protection, and inner negotiation methods. Based on prosecutors, he used that entry to quietly help the attackers.
Courtroom filings describe how Martino communicated with BlackCat operators by means of a number of channels tied to the group’s infrastructure. Alongside customary negotiation chats, he used a separate “middleman” perform inside BlackCat’s panel and the encrypted messaging platform Tox. These channels enabled direct exchanges with attackers exterior the victims’ view.
“The aim of those middleman chat communications was to maximise the ransom funds paid by these victims to the BlackCat actors,” prosecutors wrote. “This info supplied by the defendant with out the victims’ data included the victims’ insurance coverage coverage limits and inner negotiation positions. In change for offering confidential info, the defendant acquired a portion of the ransomware funds in digital forex.”
Prosecutors stated the data helped form ransom calls for throughout negotiations. Between April and September 2023, 5 affected shoppers paid greater than $75 million to BlackCat associates. A few of these funds had been probably increased than they in any other case would have been due to the data Martino supplied.
The victims included organizations throughout monetary providers, healthcare, retail, hospitality, and the nonprofit sector. Along with the ransom funds, the assaults disrupted operations and, in some instances, affected service supply.
Martino later obtained affiliate entry to BlackCat’s ransomware platform in Could 2023. That entry, sometimes reserved for trusted companions who deploy the malware, was shared with two co-conspirators, Kevin Martin and Ryan Goldberg.
“After the defendant obtained affiliate entry, the defendant, Co-conspirator 1, and Co-Conspirator 2 agreed to, and did use the BlackCat ransomware and platform to assault and extort victims and share the ransom proceeds amongst themselves and with the BlackCat admin,” the submitting states.
Utilizing these credentials, the group launched extra assaults past the incidents tied to Martino’s shoppers. One focused a medical gadget firm that paid $1.2 million. Different victims didn’t pay however nonetheless skilled operational and monetary fallout.

Prosecutors stated Martino acquired thousands and thousands of {dollars} in cryptocurrency tied to the scheme. Whereas a few of these property had been seized by the FBI, a portion had already been transformed into purchases, together with two properties, a ship, and a number of other autos. He has been ordered to forfeit property and pay 10% of his earnings after his launch.
Martino had requested for a shorter 24-month sentence, citing his cooperation with authorities within the prosecution of his co-conspirators. Martin and Goldberg had been every sentenced to 4 years in jail earlier this yr.
Legislation enforcement officers emphasised the breach of belief on the heart of the case. “Angelo Martino offered out the very victims he was employed to characterize, handing their confidential negotiating positions to BlackCat actors to drive up ransoms and enrich himself,” stated FBI Cyber Division Assistant Director Brett Leatherman.
BlackCat, also called ALPHV, operates as a ransomware-as-a-service platform, offering malware and infrastructure to associates who perform assaults and share proceeds. The group has been linked to a variety of high-profile incidents, together with the 2024 disruption of Change Healthcare’s cost programs. The FBI stated in 2023 that it developed a decryption software for the ransomware and seized elements of the group’s infrastructure. Associates continued working after these actions.
DigitalMint stated it was unaware of Martino’s conduct and described itself as “additionally an unknowing sufferer.” The corporate stated it terminated the workers concerned after being contacted by the Division of Justice and cooperated with investigators.
Based on DigitalMint, Martino bypassed inner safeguards through the use of unauthorized communication channels that weren’t seen inside its programs. The corporate stated its controls had been in keeping with business requirements however that his actions had been intentionally hid.
The case highlights a danger in ransomware response: negotiators typically work inside programs managed by attackers whereas dealing with delicate information. Prosecutors stated that entry was used to profit the attackers, not the victims.


