[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fGtzUUOFWKYlvlXx7E1cfOj2i4SgW6bwzLFDPQnhnNb0":3},{"article":4,"iocs":56},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":33,"category":34,"article_tags":38},"3725e3ed-90c3-433d-b253-8ae85e935a89","Former DigitalMint ransomware negotiator who duped clients sentenced to 70 months in jail","former-digitalmint-ransomware-negotiator-who-duped-clients-sentenced-to-70-month-dfd455","Angelo Martino exploited his insider position and fed confidential information to ransomware co-conspirators to extort a combined $75.3 million from five U.S.-based victims. The post Former DigitalMint ransomware negotiator who duped clients sentenced to 70 months in jail appeared first on CyberScoop.","Angelo Martino, a former ransomware negotiator for DigitalMint, has been sentenced to 70 months in prison for his role in extorting $75.3 million from five U.S. companies. He exploited his insider position to share confidential client information with BlackCat ransomware affiliates, effectively negotiating against himself. Martino also conspired with other former DigitalMint employees to deploy BlackCat ransomware against additional victims.","Former ransomware negotiator sentenced to 70 months for extorting $75.3M from clients.","A former ransomware negotiator for DigitalMint was sentenced to 70 months in jail for deceiving his employer’s clients and conspiring with ransomware affiliates to extort a combined $75.3 million from five U.S. companies he was entrusted to aid during their moments of extreme crisis, the Justice Department said Thursday. Angelo John Martino III shared confidential information he gained from his work as a ransomware negotiator, including victim organizations’ negotiating positions and insurance policy limits, to extract the maximum payment for himself and other BlackCat affiliates he colluded with in backchannels. Five of Martino’s victims hired DigitalMint, which assigned the 41-year-old to conduct ransomware negotiations on their clients’ behalf — a rare position he exploited to play both sides, effectively conducting ransomware negotiations with himself and his co-conspirators. The five victims, all of which paid a ransom between April 2023 and September 2023, include a nonprofit that paid a nearly $26.8 million ransom, a financial services company that paid nearly $25.7 million, and a hospitality company that paid almost $16.5 million. DigitalMint hired the South Florida-based man in 2022 after he was already engaging in criminal activity, according to court records. The husband and father of two young children had a long history as a cybersecurity professional, dating back to at least 2015, with previous stints at Booz Allen Hamilton, Tracepoint and TRM Labs. Martino surrendered to U.S. Marshals in March, was released on a $500,000 bond, and pleaded guilty in April to conspiracy to obstruct, delay or affect commerce or the movement of any article or commodity in commerce by extortion. He faced up to 20 years in prison. Martino also admitted to conspiring with Kevin Tyler Martin, another former ransomware negotiator at DigitalMint, and Ryan Clifford Goldberg, a former manager of incident response at Sygnia, to deploy BlackCat ransomware, also known as ALPHV, against five additional U.S. companies between April and November 2023. Goldberg, Martin and Martino split proceeds from a nearly $1.3 million ransom payment they received from a medical company in May 2023, but did not successfully extort a financial payment from the other four victims. Goldberg and Martin pleaded guilty in December to participating in a series of ransomware attacks and were each sentenced in April to four years in prison. DigitalMint insists it had no knowledge of Martino’s criminal acts. “The actions of Martino and his co-conspirators were deliberately concealed from DigitalMint and were in clear violation of the company’s values, ethical standards and the law,” a company spokesperson told CyberScoop in a statement. The company also reiterated that it immediately terminated Martino and suspended his access to systems when the Justice Department notified the company it was investigating him in April 2025. “DigitalMint maintained controls consistent with industry standards, including background checks and compliance procedures, but Martino intentionally hid his conduct from the company, including through separate, unauthorized communication channels that the government’s filings describe as accessible only to Martino and the BlackCat negotiators and affiliates,” the spokesperson added. DigitalMint has yet to directly answer questions about whether it refunded its clients who were victimized by Martino. “We are not able to discuss specific client relationships or fee arrangements due to confidentiality obligations,” the spokesperson said. “We remain committed to our clients and will continue to maintain strict confidentiality on all commercial matters.” The case against Martino showcases an extreme, albeit rare, example of the dark underbelly of ransomware negotiation as a practice. The pitfalls of ransomware negotiation are excessive and these backchannel negotiations, which remain largely unscrutinized, can go awry for various reasons. Officials describe Martino as a ‘double agent’ driven by greed Prosecutors said Martino obtained an ALPHV affiliate account that he shared with his co-conspirators and received a portion of the ransomware payments for his involvement in the conspiracy. Authorities have seized $10 million in assets, including a bayfront home with an estimated value of $1.68 million, a second single-family home with an estimated value of $396,000, and cryptocurrency wallets controlled by Martino. Law enforcement also seized multiple vehicles, a food truck and a 29-foot luxury fishing boat that Martino obtained using proceeds from his crimes. “Angelo Martino’s victims shared heartbreaking accounts of how their businesses were nearly destroyed, while the people they hired to help them instead betrayed them to ransomware gangs,” A. Tysen Duva, assistant attorney general at the Justice Department’s Criminal Division, said in a statement. “Today’s sentence accounts for the harm Martino caused and demonstrates that the Department of Justice can and will identify and prosecute cybercriminals to the fullest extent of the law.” Court records include a series of chats Martino held with co-conspirators and victims that exemplify the lengths he went to betray DigitalMint’s clients and empower his accomplices with crucial tips for a successful negotiation strategy. During an incident response with one of his victims, Martino told a BlackCat affiliate the company’s insurance carrier “was only approving small accounts,” according to his plea agreement. “Keep denying our offers and I will let you know once I find out the max the[y] want to pay,” he added. “We don’t know how you came up with your demand but we are losing money operationally and all of our loans are going to turnover on us this year at double the interest rates,” Martino said in a negotiation chat visible to DigitalMint and the victim organization in the hospitality industry. “We are able to give you $1 million now, which is a very serious offer.” Following Martino’s instructions, the BlackCat accomplice responded: “Well, you can keep that for the penalties and lawsuits which are coming your way in case we expose you. Time is ticking — we know how much you can pay. Contact your insurance. We know about them also. Stop wasting time.” That victim company ultimately paid a ransom worth nearly $16.5 million at the time to receive a decryptor and the BlackCat affiliate’s commitment to not publish stolen data. Two other victims Martino represented via DigitalMint at the time paid $6.1 million and $213,000 ransoms for similar commitments. “Angelo Martino sold out the very victims he was hired to represent, handing their confidential negotiating positions to BlackCat actors to drive up ransoms and enrich himself,” Brett Leatherman, assistant director of the FBI’s Cyber Division, said in a statement. In a sentencing memo, federal prosecutors described Martino as a “double agent working to maximize the harm to his clients and the financial gain to cybercriminals who paid him a part of the ransom.” Prosecutors added: “This was not a crime of opportunity or momentary weakness; it was a sustained abuse of a fiduciary-like relationship driven by a single purpose: greed.” ALPHV\u002FBlackCat, which first appeared in late 2021, was a notorious ransomware variant linked to a series of attacks on critical infrastructure providers. The Justice Department disrupted BlackCat in December 2023, seized sites operated by some of its affiliates, and said the FBI developed a decryption tool that helped hundreds of victims restore their systems and save about $99 million in ransom payments at the time. Martino is scheduled to return to court Sept. 17 to determine the amount of restitution ordered against him for his crimes. Share Facebook LinkedIn Twitter Copy Link","https:\u002F\u002Fcyberscoop.com\u002Fdigitalmint-ransomware-negotiator-angelo-martino-sentenced\u002F","https:\u002F\u002Fcyberscoop.com\u002Fwp-content\u002Fuploads\u002Fsites\u002F3\u002F2026\u002F03\u002FGettyImages-1169182732.jpg","2026-07-10T00:16:13+00:00","2026-07-10T02:00:20.572411+00:00",8,[18,21,24,27,29,31],{"name":19,"type":20},"BlackCat","threat_actor",{"name":22,"type":23},"BlackCat ransomware","product",{"name":25,"type":26},"DigitalMint","vendor",{"name":28,"type":26},"Sygnia",{"name":30,"type":26},"Booz Allen Hamilton",{"name":32,"type":26},"Tracepoint","7d8b5ab8-ea0b-4ced-ae97-ec251b86993a",{"id":33,"icon":35,"name":36,"slug":37},null,"Ransomware","ransomware",[39,44,49,51],{"category":40},{"id":41,"icon":35,"name":42,"slug":43},"2e06f76c-d5b9-4f54-9eef-4d3447b10730","Breaches","breaches",{"category":45},{"id":46,"icon":35,"name":47,"slug":48},"6cbdd207-aaa1-4176-9534-e156b125e917","Nation-state","nation-state",{"category":50},{"id":33,"icon":35,"name":36,"slug":37},{"category":52},{"id":53,"icon":35,"name":54,"slug":55},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[57,60],{"type":58,"value":19,"context":59},"malware","Ransomware variant used in the scheme",{"type":58,"value":61,"context":62},"ALPHV","Alternative name for BlackCat ransomware"]