A former Florida-based ransomware negotiator has been sentenced to 70 months in federal prison for conspiring with BlackCat/ALPHV ransomware operators to attack multiple U.S. victims. Angelo Martino, from Land O’Lakes, Florida, was employed by a U.S.-based cyber incident response company, where his role was to assist organizations in recovering from ransomware incidents and negotiating with threat actors. Instead, prosecutors revealed that he exploited his access to confidential client information to aid the very cybercriminals targeting those victims.
According to the U.S. Department of Justice, Martino began collaborating with BlackCat actors in April. He provided the ransomware group with sensitive details about victims’ negotiation strategies, financial positions, and planned ransom responses. This intelligence enabled the attackers to intensify pressure on victims and demand higher payments. The BlackCat ransomware operation, also known as ALPHV, functioned as a ransomware-as-a-service platform, supplying malware and infrastructure to affiliates who conducted network intrusions, stole data, encrypted systems, and demanded cryptocurrency payments. The group became one of the most disruptive ransomware operations targeting organizations worldwide.
Martino also conspired with Kevin Martin of Texas and Ryan Goldberg of Georgia, both former cybersecurity professionals. Between April and November, the trio deployed BlackCat ransomware against additional U.S. organizations. Prosecutors stated that they successfully extorted one victim for approximately $1 million in Bitcoin. The conspirators divided their share of the ransom payment into three portions and utilized various methods to launder the cryptocurrency proceeds.
Martino pleaded guilty in April to one count of conspiracy to interfere with interstate commerce through extortion. Martin and Goldberg were previously sentenced to 70 months in prison in May. Law enforcement has seized more than $1 million in assets linked to Martino, including digital currency, vehicles, a food truck, and a luxury fishing boat. Authorities indicated that these assets were acquired through proceeds from the extortion scheme. A restitution hearing is scheduled for September.
This case underscores the insider threat that can emerge during ransomware response efforts. Incident response providers often receive highly sensitive information, including ransom affordability assessments, insurance details, recovery plans, internal communications, and negotiation limits. Unauthorized disclosure of such information can directly enhance an attacker’s ability to extort a victim. The FBI Miami Field Office led the investigation with support from the U.S. Secret Service. The prosecution is part of Operation Riptide, an FBI campaign focused on cybercrime actors, infrastructure, financial networks, and fraud operations. The Justice Department previously disrupted BlackCat’s infrastructure in December, during which the FBI developed a decryption tool that helped hundreds of victims restore encrypted systems and reportedly prevented approximately $68 million in ransom payments.
The sentencing of Martino highlights the critical importance of trust and integrity within the cybersecurity industry. When professionals entrusted with sensitive information betray that trust, the consequences can be devastating for victims and the broader community. This case serves as a stark reminder for organizations to implement stringent vetting processes and continuous monitoring of personnel involved in incident response and negotiation roles. Additionally, it emphasizes the need for robust internal controls to prevent the misuse of privileged information. As ransomware attacks continue to evolve, maintaining the highest ethical standards within cybersecurity practices is paramount to effectively combating these threats.