Former Cybersecurity Negotiator Sentenced for BlackCat Ransomware Attacks
A former employee of a cybersecurity incident response firm has been sentenced to 70 months in prison for his involvement in **BlackCat (ALPHV)** ransomware attacks targeting U.S. companies. This conviction highlights a disturbing trend of insiders leveraging their expertise for illicit gain within the cybercrime ecosystem.
A federal court has handed down a 70-month prison sentence to **Angelo Martino**, a former employee of cybersecurity incident response company **DigitalMint**. Martino was found guilty of participating in **BlackCat (ALPHV)** ransomware attacks against multiple U.S. organizations.
**BlackCat**, a notorious ransomware-as-a-service (RaaS) operation, has been linked by the **FBI** to over 60 breaches between November 2021 and March 2022. The group is estimated to have extorted at least $300 million from more than 1,000 victims by September 2023.
### The Insider Threat
Martino, 41, pleaded guilty to his role in these attacks. He was indicted alongside two other former ransomware negotiators, **Kevin Tyler Martin**, 28, and **Ryan Clifford Goldberg**, 33, who previously worked for **Sygnia** and **DigitalMint**.
Martin and Goldberg also pleaded guilty in December to conspiracy to obstruct commerce by extortion and were subsequently sentenced to four years in prison each in May.
Initially identified as "Co-Conspirator 1" in an October 2025 indictment, Martino's identity was unsealed in court documents in March. These documents detail his direct involvement in **BlackCat** ransomware attacks between April 2023 and April 2025, alongside Goldberg and Martin.
### Modus Operandi
According to court documents, the trio utilized **ALPHV BlackCat** ransomware to attack victims, encrypting servers and demanding substantial ransoms. For instance, in October 2023, they targeted "Victim 9," demanding approximately $1,000,000 to decrypt data and prevent its publication.
Operating as **BlackCat** affiliates, the former cybersecurity professionals demanded ransom payments and threatened data leaks before encrypting systems. They compensated **BlackCat** administrators with a 20% share of all ransom proceeds in exchange for access to the ransomware and extortion portal.
### Exploiting Confidential Information
Prosecutors further revealed that Martino exploited his position as a negotiator for five victims. He shared confidential information, including victims' insurance policy limits and negotiation positions, directly with **BlackCat** operators. This insider knowledge allowed the cybercriminals to maximize their extortion efforts.
One complaint detailed Martino's involvement in negotiations for "Victim 1," where he provided "direction and confidential information to co-conspirators in order to maximize the ransom payment." This particular victim ultimately paid a virtual currency ransom equivalent to approximately $16,484,000.
Their victims included at least five U.S. organizations, among them a financial services firm that paid $25,660,000 and a nonprofit organization that paid a $26,793,000 ransom. School districts, medical facilities, and law firms were also targeted.
**Jonathan Solomon**, CEO of **DigitalMint**, stated that the company condemned the malicious conduct of Martin and Martino, confirming their immediate termination upon discovery of their actions. "We strongly condemn these former employees' criminal behavior, which violated our values, ethical standards, and the law. When we learned about the conduct, we immediately terminated both individuals," Solomon said.