Ransomware negotiator admits role in attacks he was hired to resolve

Sinisa Markovic, Senior Staff Writer, Help Net Security April 21, 2026 Share Ransomware negotiator admits role in attacks he was hired to resolve A Florida man, formerly employed as a ransomware negotiator, pleaded guilty to conspiring to carry out ransomware attacks against US companies. Prosecutors say Angelo Martino, 41, used his position at DigitalMint, a crypto broker that helps victims negotiate and pay ransomware demands, to pass sensitive information to attackers. Alongside Martino, two more individuals were involved in the scheme: Ryan Goldberg of Georgia and Kevin Martin of Texas. All three men worked in the cybersecurity industry and used their knowledge and skills to carry out the activity. Martino and Martin both worked as ransomware negotiators at DigitalMint. Goldberg worked as an incident response manager with Sygnia Cybersecurity Services. Beginning in April 2023, Martino used his role at DigitalMint to assist the BlackCat/ALPHV ransomware group. “Working as a negotiator on behalf of five different ransomware victims, Martino provided BlackCat attackers with confidential information about the negotiating position and strategy of his company’s clients without the clients’ or his employer’s knowledge or permission,” prosecutors said. The information included insurance policy limits and internal assessments, giving the attackers insight into how much victims could pay and how negotiations might unfold. After extorting one victim of about $1.2 million in Bitcoin, the group split the proceeds evenly and laundered the funds through a series of transactions. Law enforcement has seized $10 million from Martino, including cryptocurrency, vehicles, a food truck, and a luxury fishing boat purchased with proceeds linked to the operation. “Angelo Martino’s clients trusted him to respond to ransomware threats and help thwart and remedy them on behalf of victims,” said Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division. “Instead, he betrayed them and began launching ransomware attacks himself by assisting cyber criminals and harming victims, his own employer, and the cyber incident response industry itself.” Angelo Martino pleaded guilty to one count of conspiracy to obstruct, delay, or affect commerce or the movement of any article or commodity in commerce by extortion. He is scheduled to be sentenced on July 9 and faces a maximum penalty of 20 years in prison. Kevin Martin and Ryan Goldberg separately pleaded guilty to the same charge in December 2025. They are scheduled to be sentenced on April 30 and each face up to 20 years in prison. In late 2023, law enforcement disrupted the BlackCat/ALPHV ransomware group by seizing control of its data leak site. More about law enforcement ransomware US DoJ USA Share