US Authorities Pursue Another Alleged BlackCat Ransomware Negotiator

The U.S. Department of Justice has recently brought charges against a former DigitalMint employee for his involvement in an insider scheme collaborating with the BlackCat (ALPHV) ransomware operation.

Angelo Martino, who surrendered to the U.S. Marshals on March 10, has been charged with conspiracy to interfere with interstate commerce by extortion.

Court documents reveal that Martino disclosed confidential information related to ongoing negotiations with BlackCat operators while serving as a ransomware negotiator at DigitalMint, a cybersecurity company specializing in ransomware incident responses.

Between April 2023 and April 2025, Martino, along with accomplices Kevin Tyler Martin and Ryan Goldberg, were directly involved in ransomware attacks. Martin and Goldberg, both former employees, have already pleaded guilty and are awaiting sentencing in April.

Martino, previously known as “Co-Conspirator 1” in an October 2025 indictment, allegedly operated as a BlackCat affiliate, demanding ransom payments and threatening to leak data stolen from victims’ networks. The defendants also reportedly paid a 20% share of collected ransoms to the BlackCat administrators in exchange for access to the ransomware and extortion portal.

Victims of these attacks included at least five U.S. organizations, such as a Tampa-based medical device manufacturer that paid a $1.27 million ransom. Various industries, including medical facilities, law firms, school districts, and financial services companies, were targeted as well.

DigitalMint CEO Jonathan Solomon expressed strong condemnation of the actions, stating that the company terminated both individuals upon learning of their misconduct and fully cooperated with law enforcement throughout the investigation.

According to Solomon, DigitalMint has enhanced its safeguards and internal controls to minimize the risk of similar incidents in the future, emphasizing the seriousness with which such behavior is taken.

The BlackCat ransomware operation has previously been associated with over 60 breaches from November 2021 to March 2022, with the FBI estimating that the gang amassed over $300 million in payments from more than 1,000 victims by September 2023.

Notably, in 2019, ProPublica reported on U.S. data recovery firms secretly paying ransomware gangs to alleviate pressure on clients facing ransom demands, all while charging customers for restoration services without disclosing these payments.

Discover how malware is evolving with the Red Report 2026, uncovering new threats that leverage mathematical techniques to evade detection and operate covertly.

Access our analysis of 1.1 million malicious samples to identify the top 10 techniques and assess the effectiveness of your security measures.

Download The Report