Skip to content

Former Ransomware Negotiator Sentenced for Helping BlackCat/ALPHV Extort U.S. Victims

A former ransomware negotiator from Florida has been sentenced to federal prison for helping BlackCat/ALPHV ransomware actors extort U.S. victims while he was supposed to be helping victims respond to attacks.

The Justice Department announced that Angelo Martino, 41, of Land O’Lakes, Florida, was sentenced to 70 months in prison for his role in conspiring with BlackCat/ALPHV actors to extort multiple victims.

According to DOJ, Martino was formerly employed as a ransomware negotiator at a U.S.-based cyber incident response company. Prosecutors said he abused that role by providing BlackCat actors with confidential information about victims’ negotiating positions and strategies, allowing the ransomware group to push for larger payments.

The scheme allegedly began in April 2023 and involved five ransomware victims. DOJ said Martino was paid by BlackCat attackers to help them maximize ransom payments from clients his employer had been hired to represent.

Martino also conspired with two other former cybersecurity professionals, Kevin Martin of Texas and Ryan Goldberg of Georgia, to deploy BlackCat ransomware against additional U.S. victims between April and November 2023.

In one case, the group successfully extorted a victim for approximately $1.2 million in Bitcoin. DOJ said the men split their share of the ransom three ways and laundered the proceeds through various methods.

Martino pleaded guilty on April 14 to conspiring to interfere with interstate commerce through extortion. Martin and Goldberg were separately sentenced to 48 months in prison on May 1.

Law enforcement has seized more than $10 million in assets from Martino, including digital currency, vehicles, a food truck, and a luxury fishing boat. A restitution hearing is scheduled for September 17.

The case follows DOJ’s earlier disruption of BlackCat in December 2023, when the FBI developed a decryption tool that helped hundreds of victims recover systems and saved victims an estimated $99 million in ransom payments.

DOJ said the case is part of Operation Riptide, an ongoing FBI campaign targeting cybercriminals, infrastructure, and financial networks behind ransomware, cyber-enabled crime, and fraud.

The case is a reminder that ransomware risk does not only come from external attackers. Insider access, negotiation data, incident response communications, and victim strategy details can become extremely valuable when abused by someone trusted inside the response process.

Latest