Ransomware negotiator pleads guilty to helping ransomware gang

Angelo Martino, a former ransomware negotiator, has pleaded guilty to helping cybercriminals extort companies in cyberattacks. 

On Monday, the U.S. Justice Department announced the guilty plea. Martino, who used to work for cybersecurity firm DigitalMint, admitted to playing both sides of the negotiation in five different incidents. While ostensibly working for the victims, Martino admitted to feeding confidential information back to the operators of the ALPHV/BlackCat ransomware, providing them information such as the victim’s insurance policy limits, as well as their negotiation strategies. 

Martino’s goal was to maximize the criminals’ payout, for which he took a cut, prosecutors said. He is the third ransomware negotiator in the past year to face jail for the same scheme.

“Angelo Martino’s clients trusted him to respond to ransomware threats and help thwart and remedy them on behalf of victims,” said Assistant Attorney General A. Tysen Duva in the press release. “Instead, he betrayed them and began launching ransomware attacks himself by assisting cyber criminals and harming victims, his own employer, and the cyber incident response industry itself.”

ALPHV/BlackCat operated as a ransomware-as-a-service, meaning the gang develops and maintains the file-locking malware, while contractors working as affiliates deploy it in cyberattacks and pay a portion of the ransom profits back to the developers.

Last year, U.S. prosecutors accused another DigitalMint employee, Kevin Tyler Martin, as well as Ryan Clifford Goldberg, a former incident response manager at cybersecurity giant Sygnia, of going rogue and helping the ransomware gang that they were ostensibly working to counter during their day jobs. 

At the time, the authorities mentioned a third individual, without naming him, as being part of this scheme. We now know that it was Martino. 

Martino pleaded guilty to extortion and faces up to 20 years in prison. Authorities said they have already seized $10 million in assets from him. 

According to the Justice Department, Martino also admitted to helping Goldberg and Martin deploy ALPHV/BlackCat’s ransomware against several victims inside the U.S. for six months in 2023. The three essentially became ALPHV/BlackCat affiliates during that time, making more than $1.2 million from one victim, according to prosecutors. 

When reached for comment on Tuesday, an unnamed DigitalMint spokesperson told TechCrunch in a statement that the company had no knowledge of Martino’s criminal actions and that it fired the two employees after learning of the accusations against them. 

In 2023, an international coalition of law enforcement authorities seized the dark web leak site of ALPHV/BlackCat, disrupting its operations. At the same time, authorities also released a decryption tool to help more than 500 ALPHV victims to restore their systems.