GoKawiilA former ransomware negotiator pleaded guilty this week to conspiring with the ransomware actor BlackCat/ALPHV to commit ransomware attacks against US companies in 2023.
The Department of Justice revealed the plea yesterday as part of its continuing campaign to take down BlackCat, a prolific ransomware actor that was previously responsible for attacks against hospitals and universities, as well as big name targets. For example, an affiliate was reportedly responsible for the now-infamous attack against Change Healthcare in 2024. As of now, the entity known as BlackCat has largely disappeared, but law enforcement action continues.
Angelo Martino, 41, of Land O'Lakes, Florida, collaborated with BlackCat/ALPHV actors to extort organizations beginning in April 2023. According to a statement from the Department of Justice, Martino abused his role at a US-based cyber incident response firm to assist the cybercriminals. While working on behalf of five victims, he "provided BlackCat attackers with confidential information about the negotiating position and strategy of his company's clients without the clients' or his employer's knowledge or permission."
Related:Inside the Data on Insider Threats: What 1,000 Real Cases Reveal About Hidden Risk
That confidential information included victim insurance policy limits and internal negotiation positions, provided so BlackCat could maximize payouts from their victims. BlackCat paid Martino for his collaboration.
Three Cybersecurity Professionals Turned Rogue
Martino additionally admitted to conspiring with two other cybersecurity professionals, Ryan Goldberg of Georgia and Kevin Martin of Texas. They successfully deployed BlackCat ransomware between April and November of 2023 against multiple US-based victims. "After successfully extorting one victim for approximately $1.2 million in Bitcoin, the men split their share of the ransom three ways and laundered the funds through various means," DOJ noted.
Law enforcement has seized approximately $10 million in assets from Martino to date, including multiple vehicles (such as a food truck and a luxury boat) as well as digital currency obtained as part of this ransomware activity.
Martino pleaded guilty to one count of extortion. Goldberg and Martin entered guilty pleas for the same charge in December. Martino will be sentenced July 9 and the others will be sentenced on April 30. All three face a maximum sentence of 20 years in prison.
Martino and Martin were employed by DigitalMint, while Goldberg was a Sygnia employee. Both firms said they cooperated fully with law enforcement. DigitalMint previously told Dark Reading that both guilty employees had been terminated, and that the actions of Martin and Martino violated its ethical standards. Meanwhile, Sygnia said Goldberg acted on his own and Sygnia clients were not affected by his actions.
... continue reading