A Ransomware Negotiator Pleads Guilty to Conducting Cyber Attacks
An individual previously employed as a ransomware negotiator has recently admitted to participating in ransomware attacks against American companies in 2023.
Angelo Martino, a 41-year-old resident of Land O’Lakes, Florida, joined forces with the creators of the BlackCat ransomware in April 2023 to aid the criminal group in extorting larger sums as ransom payments.
According to the U.S. Department of Justice (DoJ), Martino collaborated with the BlackCat attackers by divulging confidential information about the negotiation strategies and positions of his clients without their or his employer’s consent. This information, which included insurance policy limits and internal negotiation details, led to increased ransom demands. Martino received financial compensation in return for sharing these details.
Aside from his role as a negotiator, Martino also confessed to working with two other incident responders, Ryan Goldberg and Kevin Martin, to execute BlackCat ransomware attacks on multiple victims in the U.S. between April and November 2023. Martino and Martin were affiliated with DigitalMint, while Goldberg worked as an incident response manager at cybersecurity firm Sygnia.
In one instance, the trio successfully extorted approximately $1.2 million in Bitcoin from a victim, dividing the illicit proceeds among themselves and laundering the funds through various channels. Authorities seized $10 million worth of assets from Martino, including digital currency, vehicles, a food truck, and a luxury fishing boat.
Martino pleaded guilty to one count of conspiracy to affect commerce through extortion and is set to be sentenced on July 9, 2026, facing a maximum prison term of 20 years. Martin and Goldberg, who also pleaded guilty in December 2025, are awaiting sentencing and could receive the same 20-year sentence as Martino.
Assistant Attorney General A. Tysen Duva of the DoJ’s Criminal Division stated, “Angelo Martino was entrusted by his clients to respond to ransomware threats and aid in preventing and resolving them. Instead, he chose to betray their trust and engage in ransomware attacks himself, ultimately harming victims, his employer, and the cybersecurity incident response industry.”
