Former Ransomware Negotiator Pleads Guilty to Aiding BlackCat Cyber Gang in Multimillion-Dollar Scheme

In a stunning betrayal of trust, a former ransomware negotiator pleads guilty to secretly colluding with the notorious BlackCat cyber gang. Angelo Martino, 41, from Land O’Lakes, Florida, admitted to one count of conspiracy to obstruct commerce by extortion, according to the U.S. Department of Justice. This case highlights a dark underbelly of the cybersecurity industry, where those hired to defend can become the attackers.

The Inside Job: How a Negotiator Turned Traitor

Martino, who worked for the incident response firm Digital Mint, began cooperating with the BlackCat ransomware group in April 2023. As a negotiator for five corporate ransomware victims, he had access to sensitive information—including insurance policy limits and internal negotiation strategies. Instead of protecting his clients, he passed these details to the cybercriminals, allowing them to maximize their extortion demands. The Justice Department confirmed that Martino was paid for this intelligence.

But his betrayal did not stop there. Martino also admitted to conspiring with Ryan Goldberg of Georgia and Kevin Martin of Texas to deploy ransomware against various U.S. victims between April and November 2023. This made him an active affiliate of the BlackCat group, directly participating in attacks rather than just facilitating them.

Multimillion-Dollar Extortion: The Scale of the Scheme

The financial impact of this conspiracy was staggering. Authorities have already seized $10 million in assets from Martino, including digital currency, vehicles, a food truck, and a luxury fishing boat. Court documents reveal that an unnamed hospitality firm paid a ransom of $16.5 million, a financial services firm paid $25.7 million, and a non-profit organization paid $26.8 million. Other victims spanned retailers, manufacturers, medical companies, engineering firms, and pharmaceutical companies.

Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division condemned the betrayal: “Angelo Martino’s clients trusted him to respond to ransomware threats and help thwart and remedy them on behalf of victims. Instead, he betrayed them and began launching ransomware attacks himself by assisting cybercriminals and harming victims, his own employer, and the cyber incident response industry itself.”

BlackCat Ransomware Group: A Persistent Threat

The BlackCat group, also known as ALPHV, has been one of the most prolific ransomware operations in recent years. The FBI estimated that the group made as much as $300 million from hundreds of victims up to late 2023. In one notorious incident, an affiliate threatened to report a victim to the U.S. Securities and Exchange Commission (SEC) to pressure payment—a tactic that underscores the group’s ruthlessness.

However, law enforcement struck back in December 2023, seizing the group’s leak site and releasing a decryptor for the ransomware. Experts believe this action may have saved victims tens of millions of dollars in ransom payments. Despite this, the case of Martino shows how deeply the tentacles of such groups can reach into the cybersecurity industry.

Legal Consequences and Lessons for the Industry

Martino will be sentenced on July 9 and faces a maximum penalty of 20 years in federal prison. This case serves as a stark warning to other cybersecurity professionals who might consider crossing ethical lines. It also raises critical questions about vetting processes and oversight within incident response firms.

For businesses, this incident underscores the importance of choosing trusted cybersecurity partners and implementing strict monitoring protocols. As ransomware attacks continue to evolve, the line between defender and attacker can blur—making vigilance more crucial than ever. To learn more about protecting your organization, explore our guide on cybersecurity best practices and tips for building a ransomware response plan.

In conclusion, the case of a ransomware negotiator pleading guilty to aiding the BlackCat cyber gang is a cautionary tale. It reminds us that trust must be earned and verified, especially in the high-stakes world of cyber extortion. As the sentencing date approaches, the cybersecurity community will be watching closely—hoping that justice serves as a deterrent for future betrayals.