Ransomware Negotiator Pleads Guilty to Aiding BlackCat Cartel as a Double Agent

A cybersecurity professional hired to protect U.S. companies from cyberattacks was secretly working for the enemy. Angelo Martino, a 41-year-old former BlackCat ransomware negotiator from Florida, has officially pleaded guilty to conspiring with the notorious BlackCat/ALPHV ransomware cartel. According to the U.S. Department of Justice, Martino abused his trusted position to orchestrate attacks and maximize extortion payouts against the very organizations he was hired to defend.

Starting in April 2023, Martino acted as a double agent while representing five different ransomware victims. Instead of mitigating the damage, he covertly shared his clients' highly confidential internal strategies with the BlackCat attackers. This leaked intelligence included the maximum limits of the victims' cyber insurance policies and their internal negotiation boundaries. Armed with this insider knowledge, the ransomware operators were able to extract the absolute maximum ransom payments possible, subsequently paying Martino a cut for his espionage.

The scheme eventually evolved beyond corporate espionage. Between April and November 2023, Martino collaborated with two other cybersecurity workers to actively deploy BlackCat ransomware against multiple U.S. targets. In one specific incident, the trio successfully extorted a victim for approximately $1.2 million in Bitcoin, splitting the illicit proceeds among themselves.

Federal law enforcement has since seized over $10 million in assets tied to Martino's criminal enterprise. The confiscated property includes digital currency, multiple vehicles, a food truck, and a luxury fishing boat. Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division emphasized the severity of the betrayal, noting that Martino harmed victims, his own employer, and the broader cyber incident response industry.

Martino and one of his co-conspirators were formerly employed by the cybersecurity firm DigitalMint. Following the DOJ's announcement, a DigitalMint spokesperson confirmed that the company had absolutely no knowledge of or involvement in the extortion ring. The firm stated that the actions were a clear violation of their ethical standards and the law, confirming that the involved employees were immediately terminated upon discovery of the allegations.

DigitalMint has fully cooperated with federal authorities throughout the investigation. Martino is currently scheduled to be sentenced in July and faces a maximum penalty of 20 years in federal prison for his role in the conspiracy.

This case exposes a critical vulnerability within the cybersecurity ecosystem: the absolute reliance on third-party incident responders during a crisis. When a company suffers a breach, negotiators are granted unfettered access to sensitive financial data, including cyber insurance policy limits. By leaking this exact ceiling to the BlackCat cartel, Martino effectively neutralized any negotiation leverage his clients held, guaranteeing the attackers a maximum payout.

The seizure of $10 million in assets - ranging from Bitcoin to a luxury fishing boat - highlights the massive financial incentives driving insider threats. Moving forward, organizations will likely demand stricter vetting, zero-trust operational models, and enhanced oversight for third-party negotiators handling high-stakes ransomware incidents.