The turncoat: how a ransomware negotiator joined the enemy


The United States Department of Justice (DOJ) has made public the case of Angelo Martino, a 41-year-old former ransomware negotiator based in Florida, who has pleaded guilty to conspiring with the cybercriminal group ALPHV/BlackCat while working for extorted victim companies.

The case, described by authorities as a “betrayal from within” the incident response ecosystem, reveals how the accused not only leaked confidential information to the attackers but also actively participated in ransomware campaigns against U.S. organizations.

Martino worked at a cyber incident response company as a ransomware negotiator, meaning he was the professional responsible for mediating between victims and threat actors to reduce ransom amounts and manage the crisis.

However, starting in April 2023, he began collaborating with the operators of BlackCat/ALPHV, one of the most active ransomware groups on the global scene.

The DOJ details that while negotiating on behalf of at least five victims, Martino transmitted confidential information to the attackers without the knowledge or authorization of his clients or employer. Among the leaked data were the limits of affected companies’ cyber insurance policies and internal negotiation strategies.

According to the agency’s press release, this information “helped ransomware actors and maximized the ransoms that victims were forced to pay.”

In return, Martino received direct payments from the cybercriminals for providing this sensitive data.

Not only an accomplice, but also an ‘affiliate’

The accused has also admitted to conspiring with two other cybersecurity professionals, Ryan Goldberg and Kevin Martin, to directly deploy BlackCat-type ransomware against multiple victims in the United States between April and November 2023. The three leveraged their technical knowledge to execute the attacks.

In one of the incidents, the trio managed to extort approximately $1.2 million in bitcoin from a victim. Subsequently, the involved parties divided the profits and laundered the funds through various mechanisms.

The Department of Justice has highlighted how the accused “betrayed his clients and began launching ransomware attacks himself, aiding cybercriminals and harming victims, his own employer, and the industry.”

For his part, the deputy director of the FBI’s cyber division, Brett Leatherman, has emphasized that the case demonstrates that the ransomware phenomenon is not only transnational but also domestic.

So far, authorities have seized approximately $10 million in assets linked to Martino, including cryptocurrencies, vehicles, a food truck, and a luxury fishing boat acquired with crime proceeds.

The DOJ has confirmed that Martino has pleaded guilty to one count of conspiracy to interfere with commerce by extortion, a federal offense that can carry up to 20 years in prison.

His two accomplices have also pleaded guilty and await sentencing, with similar maximum penalties.
