Skip to content
Tech News
← Back to articles

Former ransomware negotiator pleads guilty to BlackCat attacks

2026-04-21 | original
read original get Cybersecurity Incident Response Kit → more articles
Why This Matters

The guilty plea of a former cybersecurity negotiator for BlackCat ransomware highlights the growing threat of insider involvement in cybercrime, emphasizing the need for stronger internal controls and ethical standards within cybersecurity firms. This case underscores the evolving tactics of ransomware groups and the importance for organizations to bolster their defenses and response strategies against sophisticated attacks.

Key Takeaways

41-year-old Angelo Martino, a former employee of cybersecurity incident response company DigitalMint, has pleaded guilty to targeting U.S. companies in BlackCat (ALPHV) ransomware attacks in 2023.

Together with two other Sygnia and DigitalMint ransomware negotiators (33-year-old Ryan Clifford Goldberg and 28-year-old Kevin Tyler Martin), Martino was charged with conspiracy to interfere with interstate commerce by extortion, interference with interstate commerce by extortion, and intentional damage to protected computers.

Martino was initially identified only as "Co-Conspirator 1" in an October 2025 indictment, but was named in court documents unsealed in March. Martin and Goldberg also pleaded guilty to conspiracy to obstruct commerce by extortion and are facing up to 20 years in prison each.

According to court documents, while working as a negotiator for five victims, Martino shared confidential information about the victims' negotiation positions and insurance policy limits with BlackCat ransomware operators, helping the cybercriminals extort the maximum possible amount.

Between April 2023 and April 2025, he was also involved in BlackCat ransomware attacks alongside accomplices Kevin Tyler Martin and Ryan Goldberg.

While operating as BlackCat affiliates, the three defendants demanded ransom payments and threatened victims to leak data stolen before encrypting their systems. Prosecutors added that the three accomplices paid the BlackCat administrators a 20% share of all ransoms proceeds for access to the ransomware and extortion portal.

Their victims included at least five U.S. organizations, among them a financial services firm that paid $25,660,000 and a nonprofit that paid a $26,793,000 ransom, as well as law firms, school districts, medical facilities, and other financial services companies.

DigitalMint CEO Jonathan Solomon told BleepingComputer that the company condemned the previous malicious conduct and noted that Martin and Martino were fired after their actions were discovered.

"We strongly condemn these former employees' criminal behavior, which violated our values, ethical standards, and the law. When we learned about the conduct, we immediately terminated both individuals," Solomon said.

The BlackCat ransomware operation has been linked by the FBI to more than 60 breaches between November 2021 and March 2022. In a separate advisory, the bureau added that the cybercrime gang collected at least $300 million in ransom payments from over 1,000 victims through September 2023.

Explore topics: blackcat ransomware digitalmint sygnia cybercriminals
Related:
The Gentlemen ransomware now uses SystemBC for bot-powered attacks
The backup myth that is putting businesses at risk
NAKIVO v11.2: Ransomware Defense, Faster Replication, vSphere 9, and Proxmox VE 9.0 Support
Payouts King ransomware uses QEMU VMs to bypass endpoint security
He Was Laid Off, Posted on LinkedIn — Then Scammers Started Impersonating Real Recruiters to Target Him

© 2026 GoKawiil

About | Editorial Policy | Contact