Angelo Martino, a former ransomware negotiator, has pleaded guilty to helping cybercriminals extort companies in cyberattacks. 

On Monday, the U.S. Justice Department proclaimed the guilty plea. Martino, who used to work for cybersecurity firm DigitalMint, admitted to playing both sides of the negotiation in five different incidents. While ostensibly working for the victims, Martino admitted to feeding confidential information back to the operators of the ALPHV/BlackCat ransomware, providing them information such as the victim’s insurance policy limits, as well as their negotiation strategies.  Furthermore, experts in startup note the continued relevance.

Martino’s goal was to maximize the criminals’ payout, for which he took a cut, prosecutors mentioned. He is the third ransomware negotiator in the past year to face jail for the same scheme.

“Angelo Martino’s clients trusted him to respond to ransomware threats and help thwart and remedy them For victims,” noted Assistant Attorney General A. Tysen Duva in the press release. “Instead, he betrayed them and began launching ransomware attacks himself by assisting cyber criminals and harming victims, his own employer, and the cyber incident response industry itself.”

ALPHV/BlackCat operated as a ransomware-as-a-service, meaning the gang develops and maintains the file-locking malware, while contractors working as affiliates deploy it in cyberattacks and pay a portion of the ransom profits back to the developers.

Last year, U.S. prosecutors accused another DigitalMint employee, Kevin Tyler Martin, as well as Ryan Clifford Goldberg, a former incident response manager at cybersecurity giant Sygnia, of going rogue and helping the ransomware gang that they were ostensibly working to counter during their day jobs. 

At the time, the authorities mentioned a third individual, without naming him, as being part of this scheme. We now know that it was Martino. 

Meet your next investor or portfolio startup at Disrupt

Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to , where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $410.

Martino pleaded guilty to extortion and faces up to 20 years in prison. Authorities noted they have already seized $10 million in assets from him. 

Martino also admitted to helping Goldberg and Martin deploy ALPHV, according to the Justice Department/BlackCat’s ransomware against several victims inside the U.S. for six months in 2023. The three essentially became ALPHV/BlackCat affiliates during that time, making more than $1.2 million from one victim, according to prosecutors.  This also touches on aspects of user interface.

When reached for comment on Tuesday, an unnamed DigitalMint spokesperson told TechCrunch in a statement that the firm had no knowledge of Martino’s criminal actions and that it fired the two employees after learning of the accusations against them. 

In 2023, an international coalition of law enforcement authorities seized the dark web leak site of ALPHV/BlackCat, disrupting its operations. At the same time, authorities also released a decryption tool to help more than 500 ALPHV victims to restore their systems.

Topics

When you purchase through links in our articles, we may earn a tiny commission. This doesn’t affect our editorial independence.