Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023

Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023 Ravie LakshmananApr 21, 2026Insider Threat / Cybercrime A third individual who was employed as a ransomware negotiator has pleaded guilty to conducting ransomware attacks against U.S. companies in 2023. Angelo Martino, 41, of Land O'Lakes, Florida, teamed up with the operators of the BlackCat ransomware starting in April 2023 to assist the e-crime gang in extracting higher amounts as ransoms. "Working as a negotiator on behalf of five different ransomware victims, Martino provided BlackCat attackers with confidential information about the negotiating position and strategy of his company's clients without the clients' or his employer’s knowledge or permission," the U.S. Department of Justice (DoJ) said in a Monday announcement. The information, which included the victims' insurance policy limits and internal negotiation positions, maximized the ransoms they were required to pay. Martino was financially compensated in exchange for providing the details. Martino, who was charged last month, also admitted to collaborating with two other incident responders, Ryan Goldberg and Kevin Martin, to successfully deploy BlackCat ransomware against multiple victims in the U.S. between April 2023 and November 2023. Martino and Martin worked for DigitalMint, while Goldberg was an incident response manager for cybersecurity company Sygnia. In one case, the defendants successfully extorted one victim for approximately $1.2 million in Bitcoin, and then split the illicit proceeds among themselves and laundered the funds through various means. In all, authorities seized $10 million of assets from Martino, including digital currency, vehicles, a food truck, and a luxury fishing boat. Martino has pleaded guilty to one count of conspiracy to obstruct, delay or affect commerce or the movement of any article or commodity in commerce by extortion. He is scheduled to be sentenced on July 9, 2026, and faces a maximum penalty of 20 years in prison. Martin and Goldberg pleaded guilty to the crime in December 2025 and are expected to be sentenced later this month. Like Martino, both individuals could be awarded a jail term of up to 20 years. "Angelo Martino's clients trusted him to respond to ransomware threats and help thwart and remedy them on behalf of victims," said Assistant Attorney General A. Tysen Duva of the DoJ's Criminal Division. "Instead, he betrayed them and began launching ransomware attacks himself by assisting cyber criminals and harming victims, his own employer, and the cyber incident response industry itself." Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  Bitcoin, Cybercrime, cybersecurity, data breach, digital forensics, Financial Crime, Incident response, insider threat, ransomware Trending News Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation Why Threat Intelligence Is the Missing Link in CTEM Prioritization and Validation Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials Why Security Leaders Are Layering Email Defense on Top of Secure Email Gateways Your MTTD Looks Great. Your Post-Alert Gap Doesn't The Hidden Security Risks of Shadow AI in Enterprises OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities 108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails Load More ▼ Popular Resources Automate Alert Triage and Investigations Across Every Threat How to Identify Risky Browser Extensions in Your Organization Fix Rising Application Security Risks Driven by AI Development Discover Key AI Security Gaps CISOs Face in 2026