Back to Feed
RansomwareJul 10, 2026

Former ransomware negotiator gets 4 years for BlackCat attacks

Former ransomware negotiators sentenced to prison for BlackCat attacks.

Summary

Three former ransomware negotiators have been sentenced to prison for their involvement in BlackCat (ALPHV) ransomware attacks targeting U.S. companies. Angelo Martino received 70 months, while Kevin Tyler Martin and Ryan Clifford Goldberg each received four years. The group operated as BlackCat affiliates, demanding ransom and threatening data leaks, while Martino also shared victim intelligence with BlackCat operators.

Full text

Former ransomware negotiator gets 4 years for BlackCat attacks By Sergiu Gatlan July 10, 2026 04:17 AM 0 A former employee of cybersecurity incident response company DigitalMint was sentenced to 70 months in prison for targeting U.S. companies in BlackCat (ALPHV) ransomware attacks. The FBI linked the BlackCat ransomware gang to more than 60 breaches between November 2021 and March 2022, adding in a separate advisory that the cybercrime group had collected at least $300 million in ransom payments from more than 1,000 victims through September 2023. 41-year-old Angelo Martino was charged and pleaded guilty to his role in some of these attacks, along with two other Sygnia and DigitalMint ransomware negotiators, 28-year-old Kevin Tyler Martin and 33-year-old Ryan Clifford Goldberg. Martin and Goldberg pleaded guilty in December to conspiracy to obstruct commerce by extortion and were also sentenced to four years in prison each in May. While Martino was initially identified only as "Co-Conspirator 1" in an October 2025 indictment, he was named in court documents unsealed in March. According to the court documents, between April 2023 and April 2025, Martino was directly involved in BlackCat ransomware attacks alongside accomplices Ryan Goldberg and Kevin Tyler Martin. While operating as BlackCat affiliates, the three former Sygnia and DigitalMint employees demanded ransom payments and threatened to leak stolen data before encrypting their systems. The three accomplices paid the BlackCat admins a 20% share of all ransom proceeds for access to the ransomware and extortion portal. Prosecutors added that Martino had also shared confidential information about victims' insurance policy limits and negotiation positions with BlackCat ransomware operators while working as a negotiator for five victims, allowing the cybercriminals to extort the maximum possible amount. Their victims include at least five U.S. organizations, including a financial services firm that paid $25,660,000 and a nonprofit that paid a $26,793,000 ransom, as well as school districts, medical facilities, law firms, and other financial services companies. DigitalMint CEO Jonathan Solomon previously told BleepingComputer that the company condemned Martin and Martino's malicious conduct, noting that they were fired immediately after their actions were discovered. "We strongly condemn these former employees' criminal behavior, which violated our values, ethical standards, and the law. When we learned about the conduct, we immediately terminated both individuals," Solomon said. Test every layer before attackers do Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection. Get the whitepaper Related Articles: Blackfield ransomware asks Nidec Corporation for $2 million ransomNew Prinz Eugen ransomware prioritizes recent files for encryptionFoxconn confirms cyberattack claimed by Nitrogen ransomware gangNew Helix vishing group emerges in SharePoint data theft attacksAssuranceAmerica data breach exposes records of 6.9 million drivers

Indicators of Compromise

  • malware — BlackCat
  • malware — ALPHV

Entities

BlackCat (threat_actor)ALPHV (threat_actor)BlackCat (product)DigitalMint (vendor)Sygnia (vendor)