Ransomware, Apr 21, 2026

Former ransomware negotiator pleads guilty to BlackCat attacks

Former ransomware negotiator pleads guilty to BlackCat attacks targeting U.S. companies.

Summary

Angelo Martino, a 41-year-old former employee of cybersecurity firm DigitalMint, pleaded guilty to conspiracy and extortion charges for participating in BlackCat (ALPHV) ransomware attacks in 2023. Working alongside two other negotiators, Martino shared confidential victim information and insurance details with BlackCat operators to maximize extortion demands, targeting at least five U.S. organizations including financial services firms and nonprofits. The three defendants collectively collected millions in ransom payments while paying BlackCat administrators 20% of proceeds for access to the ransomware and extortion infrastructure.

Full text

By Sergiu Gatlan, April 21, 2026, 06:12 AM

41-year-old Angelo Martino, a former employee of cybersecurity incident response company DigitalMint, has pleaded guilty to targeting U.S. companies in BlackCat (ALPHV) ransomware attacks in 2023.

Together with two other Sygnia and DigitalMint ransomware negotiators (33-year-old Ryan Clifford Goldberg and 28-year-old Kevin Tyler Martin), Martino was charged with conspiracy to interfere with interstate commerce by extortion, interference with interstate commerce by extortion, and intentional damage to protected computers.

Martino was initially identified only as "Co-Conspirator 1" in an October 2025 indictment, but was named in court documents unsealed in March. Martin and Goldberg also pleaded guilty to conspiracy to obstruct commerce by extortion and are facing up to 20 years in prison each.

According to court documents, while working as a negotiator for five victims, Martino shared confidential information about the victims' negotiation positions and insurance policy limits with BlackCat ransomware operators, helping the cybercriminals extort the maximum possible amount.

Between April 2023 and April 2025, he was also involved in BlackCat ransomware attacks alongside accomplices Kevin Tyler Martin and Ryan Goldberg. While operating as BlackCat affiliates, the three defendants demanded ransom payments and threatened to leak victims' data stolen before their systems were encrypted.

Prosecutors added that the three accomplices paid the BlackCat administrators a 20% share of all ransom proceeds for access to the ransomware and extortion portal.

Their victims included at least five U.S. organizations, among them a financial services firm that paid $25,660,000 and a nonprofit that paid a $26,793,000 ransom, as well as law firms, school districts, medical facilities, and other financial services companies.

DigitalMint CEO Jonathan Solomon told BleepingComputer that the company condemned the previous malicious conduct and noted that Martin and Martino were fired after their actions were discovered.

"We strongly condemn these former employees' criminal behavior, which violated our values, ethical standards, and the law. When we learned about the conduct, we immediately terminated both individuals," Solomon said.

The BlackCat ransomware operation has been linked by the FBI to more than 60 breaches between November 2021 and March 2022. In a separate advisory, the bureau added that the cybercrime gang collected at least $300 million in ransom payments from over 1,000 victims through September 2023.

Indicators of Compromise

  • malware — BlackCat
  • malware — ALPHV

Entities

  • BlackCat (ALPHV) (threat_actor)
  • Angelo Martino (threat_actor)
  • Ryan Clifford Goldberg (threat_actor)
  • Kevin Tyler Martin (threat_actor)
  • DigitalMint (vendor)
  • Sygnia (vendor)