Written by 8:17 am Blog

Former ransomware negotiator gets 4 years for BlackCat attacks

A former employee of cybersecurity incident response company DigitalMint was sentenced to 70 months…
Former ransomware negotiator gets 4 years for BlackCat attacks

A former employee of cybersecurity incident response company DigitalMint was sentenced to 70 months in prison for targeting U.S. companies in BlackCat (ALPHV) ransomware attacks.

The FBI linked the BlackCat ransomware gang to more than 60 breaches between November 2021 and March 2022, adding in a separate advisory that the cybercrime group had collected at least $300 million in ransom payments from more than 1,000 victims through September 2023.

41-year-old Angelo Martino was charged and pleaded guilty to his role in some of these attacks, along with two other Sygnia and DigitalMint ransomware negotiators, 28-year-old Kevin Tyler Martin and 33-year-old Ryan Clifford Goldberg.

Martin and Goldberg pleaded guilty in December to conspiracy to obstruct commerce by extortion and were also sentenced to four years in prison each in May.

While Martino was initially identified only as “Co-Conspirator 1” in an October 2025 indictment, he was named in court documents unsealed in March.

According to the court documents, between April 2023 and April 2025, Martino was directly involved in BlackCat ransomware attacks alongside accomplices Ryan Goldberg and Kevin Tyler Martin.

“In or around October 2023, ANGELO MARTINO, Ryan Clifford Goldberg, and Kevin Tyler Martin used ALPHV BlackCat ransomware to attack Victim 9,” reads the court documents.

“MARTINO, Goldberg, and Martin encrypted Victim 9’s servers and demanded an approximate $1 ,000,000 ransom payment to decrypt the affected data and in exchange for a commitment not to publish thestolen information.”

While operating as BlackCat affiliates, the three former Sygnia and DigitalMint employees demanded ransom payments and threatened to leak stolen data before encrypting their systems. The three accomplices paid the BlackCat admins a 20% share of all ransom proceeds for access to the ransomware and extortion portal.

Prosecutors added that Martino had also shared confidential information about victims’ insurance policy limits and negotiation positions with BlackCat ransomware operators while working as a negotiator for five victims, allowing the cybercriminals to extort the maximum possible amount.

“Victim 1 hired Company 1, and MARTINO conducted the ransom negotiations on behalf of Company 1,” continued the complaint.

“During the ransom negotiations, MARTINO provided direction and confidentialinformation to co-conspirators in order to maximize the ransom payment and in exchange for aportion of the ransom payment. Victim 1 paid the co-conspirators a ransom payment in virtualcurrency worth approximately $16,484,000 at the time of payment.”

Their victims include at least five U.S. organizations, including a financial services firm that paid $25,660,000 and a nonprofit that paid a $26,793,000 ransom, as well as school districts, medical facilities, law firms, and other financial services companies.

DigitalMint CEO Jonathan Solomon previously told BleepingComputer that the company condemned Martin and Martino’s malicious conduct, noting that they were fired immediately after their actions were discovered.

“We strongly condemn these former employees’ criminal behavior, which violated our values, ethical standards, and the law. When we learned about the conduct, we immediately terminated both individuals,” Solomon said.

Test every layer before attackers do

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

Article Source

Close