Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023

Summary

Angelo Martino, a ransomware negotiator, pleaded guilty to conspiring with BlackCat ransomware operators and two other incident responders (Ryan Goldberg and Kevin Martin) to conduct ransomware attacks against U.S. companies between April and November 2023. Martino provided BlackCat with confidential victim negotiation strategies and insurance details to maximize ransoms, receiving financial compensation in return. The scheme resulted in at least $1.2 million extorted from one victim; authorities seized $10 million in assets from Martino and he faces up to 20 years in prison.

Full text

Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023 Ravie LakshmananApr 21, 2026Insider Threat / Cybercrime A third individual who was employed as a ransomware negotiator has pleaded guilty to conducting ransomware attacks against U.S. companies in 2023. Angelo Martino, 41, of Land O'Lakes, Florida, teamed up with the operators of the BlackCat ransomware starting in April 2023 to assist the e-crime gang in extracting higher amounts as ransoms. "Working as a negotiator on behalf of five different ransomware victims, Martino provided BlackCat attackers with confidential information about the negotiating position and strategy of his company's clients without the clients' or his employer’s knowledge or permission," the U.S. Department of Justice (DoJ) said in a Monday announcement. The information, which included the victims' insurance policy limits and internal negotiation positions, maximized the ransoms they were required to pay. Martino was financially compensated in exchange for providing the details. Martino, who was charged last month, also admitted to collaborating with two other incident responders, Ryan Goldberg and Kevin Martin, to successfully deploy BlackCat ransomware against multiple victims in the U.S. between April 2023 and November 2023. Martino and Martin worked for DigitalMint, while Goldberg was an incident response manager for cybersecurity company Sygnia. In one case, the defendants successfully extorted one victim for approximately $1.2 million in Bitcoin, and then split the illicit proceeds among themselves and laundered the funds through various means. In all, authorities seized $10 million of assets from Martino, including digital currency, vehicles, a food truck, and a luxury fishing boat. Martino has pleaded guilty to one count of conspiracy to obstruct, delay or affect commerce or the movement of any article or commodity in commerce by extortion. He is scheduled to be sentenced on July 9, 2026, and faces a maximum penalty of 20 years in prison. Martin and Goldberg pleaded guilty to the crime in December 2025 and are expected to be sentenced later this month. Like Martino, both individuals could be awarded a jail term of up to 20 years. "Angelo Martino's clients trusted him to respond to ransomware threats and help thwart and remedy them on behalf of victims," said Assistant Attorney General A. Tysen Duva of the DoJ's Criminal Division. "Instead, he betrayed them and began launching ransomware attacks himself by assisting cyber criminals and harming victims, his own employer, and the cyber incident response industry itself." Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share Share SHARE  Bitcoin, Cybercrime, cybersecurity, data breach, digital forensics, Financial Crime, Incident response, insider threat, ransomware Trending News 108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials Why Security Leaders Are Layering Email Defense on Top of Secure Email Gateways Why Threat Intelligence Is the Missing Link in CTEM Prioritization and Validation The Hidden Security Risks of Shadow AI in Enterprises Your MTTD Looks Great. Your Post-Alert Gap Doesn't Popular Resources Discover Key AI Security Gaps CISOs Face in 2026 Fix Rising Application Security Risks Driven by AI Development Automate Alert Triage and Investigations Across Every Threat How to Identify Risky Browser Extensions in Your Organization

Indicators of Compromise

• malware — BlackCat

Entities