WTF?! Federal prosecutors say a ransomware negotiator exploited the very channels used to manage cyberattacks, turning sensitive breach data into leverage for the hackers he was supposed to fight. That negotiator, Angelo Martino, 41, was sentenced to 70 months in prison after pleading guilty to conspiring with affiliates of the BlackCat ransomware operation.
Martino worked for DigitalMint, a firm that helps companies navigate ransomware incidents, including negotiating payments with attackers. In that role, he worked on active breach cases and had access to detailed information about victims, including ransom demands, insurance coverage, and internal negotiation strategies. According to prosecutors, he used that access to quietly assist the attackers.
Court filings describe how Martino communicated with BlackCat operators through multiple channels tied to the group's infrastructure. Alongside standard negotiation chats, he used a separate "intermediary" function within BlackCat's panel and the encrypted messaging platform Tox. Those channels enabled direct exchanges with attackers outside the victims' view.
"The purpose of these intermediary chat communications was to maximize the ransom payments paid by those victims to the BlackCat actors," prosecutors wrote. "This information provided by the defendant without the victims' knowledge included the victims' insurance policy limits and internal negotiation positions. In exchange for providing confidential information, the defendant received a portion of the ransomware payments in digital currency."
Prosecutors said the information helped shape ransom demands during negotiations. Between April and September 2023, five affected clients paid more than $75 million to BlackCat affiliates. Some of those payments were likely higher than they otherwise would have been because of the information Martino provided.
The victims included organizations across financial services, healthcare, retail, hospitality, and the nonprofit sector. In addition to the ransom payments, the attacks disrupted operations and, in some cases, affected service delivery.
Martino later obtained affiliate access to BlackCat's ransomware platform in May 2023. That access, typically reserved for trusted partners who deploy the malware, was shared with two co-conspirators, Kevin Martin and Ryan Goldberg.
"After the defendant obtained affiliate access, the defendant, Co-conspirator 1, and Co-Conspirator 2 agreed to, and did use the BlackCat ransomware and platform to attack and extort victims and share the ransom proceeds amongst themselves and with the BlackCat admin," the filing states.
Using those credentials, the group launched additional attacks beyond the incidents tied to Martino's clients. One targeted a medical device company that paid $1.2 million. Other victims did not pay but still experienced operational and financial fallout.
Prosecutors said Martino received millions of dollars in cryptocurrency tied to the scheme. While some of those assets were seized by the FBI, a portion had already been converted into purchases, including two homes, a boat, and several vehicles. He has been ordered to forfeit property and pay 10% of his income after his release.
... continue reading