CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership May 16, 2026

Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023 - The Hacker News

The Hacker News Archived May 16, 2026 ✓ Full text saved

Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023 The Hacker News

Full text archived locally
✦ AI Summary · Claude Sonnet


    Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023 Ravie LakshmananApr 21, 2026Insider Threat / Cybercrime A third individual who was employed as a ransomware negotiator has pleaded guilty to conducting ransomware attacks against U.S. companies in 2023. Angelo Martino, 41, of Land O'Lakes, Florida, teamed up with the operators of the BlackCat ransomware starting in April 2023 to assist the e-crime gang in extracting higher amounts as ransoms. "Working as a negotiator on behalf of five different ransomware victims, Martino provided BlackCat attackers with confidential information about the negotiating position and strategy of his company's clients without the clients' or his employer’s knowledge or permission," the U.S. Department of Justice (DoJ) said in a Monday announcement. The information, which included the victims' insurance policy limits and internal negotiation positions, maximized the ransoms they were required to pay. Martino was financially compensated in exchange for providing the details. Martino, who was charged last month, also admitted to collaborating with two other incident responders, Ryan Goldberg and Kevin Martin, to successfully deploy BlackCat ransomware against multiple victims in the U.S. between April 2023 and November 2023. Martino and Martin worked for DigitalMint, while Goldberg was an incident response manager for cybersecurity company Sygnia. In one case, the defendants successfully extorted one victim for approximately $1.2 million in Bitcoin, and then split the illicit proceeds among themselves and laundered the funds through various means. In all, authorities seized $10 million of assets from Martino, including digital currency, vehicles, a food truck, and a luxury fishing boat. Martino has pleaded guilty to one count of conspiracy to obstruct, delay or affect commerce or the movement of any article or commodity in commerce by extortion. He is scheduled to be sentenced on July 9, 2026, and faces a maximum penalty of 20 years in prison. Martin and Goldberg pleaded guilty to the crime in December 2025 and are expected to be sentenced later this month. Like Martino, both individuals could be awarded a jail term of up to 20 years. "Angelo Martino's clients trusted him to respond to ransomware threats and help thwart and remedy them on behalf of victims," said Assistant Attorney General A. Tysen Duva of the DoJ's Criminal Division. "Instead, he betrayed them and began launching ransomware attacks himself by assisting cyber criminals and harming victims, his own employer, and the cyber incident response industry itself." Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  Bitcoin, Cybercrime, cybersecurity, data breach, digital forensics, Financial Crime, Incident response, insider threat, ransomware ⚡ Top Stories This Week Trellix Confirms Source Code Breach With Unauthorized Repository Access ⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE and More ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions 2026: The Year of AI-Assisted Attacks PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE Day Zero Readiness: The Operational Gaps That Break Incident Response 30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign The Hacker News Launches 'Cybersecurity Stars Awards 2026' — Submissions Now Open We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is Load More ▼ ⭐ Featured Resources [Demo] Discover How to Control Autonomous Identity Risks Effectively [Webinar] Learn How Autonomous Validation Keeps Pace With AI Attacks [Demo] Stop Email Attacks and Protect Cloud Workspace Data Faster [Guide] Get Practical AI SOC Insights to Improve Threat Detection
    💬 Team Notes
    Article Info
    Source
    The Hacker News
    Category
    ◇ Industry News & Leadership
    Published
    May 16, 2026
    Archived
    May 16, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗