A former ransomware negotiator has been sentenced to 70 months in federal prison. Prosecutors say he secretly helped BlackCat affiliates extract more money from victims.
Angelo Martino, 41, worked for a cyber incident response company. His role gave him access to private details about active ransomware negotiations.
Instead of protecting clients, he shared that information with attackers. BlackCat affiliates then used it to increase pressure and demand larger payments.
Ransomware Negotiator Leaked Victim Strategies
The US Department of Justice said Martino began working with BlackCat affiliates in April 2023.
As a ransomware negotiator, he knew how victims planned to respond. He also knew how much they might be willing to pay.
Prosecutors said Martino passed those details to the attackers. The information helped them adjust their demands during negotiations.
Authorities linked the scheme to five ransomware victims. Martino also received payments from the criminals for his assistance.
US Attorney Jason A. Reding Quiñones said Martino betrayed organizations during a crisis. The victims had hired him to reduce the damage from cyberattacks.
Instead, he gave their confidential positions to the people extorting them.
Martino Later Joined BlackCat Attacks
Investigators said Martino eventually moved beyond sharing inside information.
He worked with Kevin Martin, 36, of Texas, and Ryan Goldberg, 41, of Georgia. The three men allegedly deployed BlackCat ransomware against other organizations.
The attacks took place between April and November 2023.
In one case, the group received about $1.2 million in Bitcoin. Prosecutors said they divided the money and later laundered it.
Martin and Goldberg previously received prison sentences of 48 months.
Assistant Attorney General A. Tysen Duva said several victims nearly lost their businesses. They had trusted cybersecurity professionals to help them recover.
Instead, those same professionals allegedly worked with ransomware operators.
More Than $10 Million Seized
Law enforcement seized over $10 million in assets linked to Martino.
The property included cryptocurrency, vehicles, a food truck, and a luxury fishing boat.
A restitution hearing is scheduled for September 17. The court will decide how much Martino must repay the victims.
BlackCat Hit More Than 1,000 Victims
The case forms part of wider US action against the BlackCat ransomware network.
BlackCat is also known as ALPHV and Noberus. Authorities say it has targeted more than 1,000 victims worldwide.
The group operated through a ransomware-as-a-service model. BlackCat supplied malware and infrastructure to criminal affiliates.
Those affiliates then selected targets and launched attacks.
BlackCat commonly used double extortion. Attackers first stole sensitive files from a victim.
They then encrypted the victim’s systems. Finally, they demanded payment for a decryption key and a promise not to publish the stolen data.
FBI Disrupted BlackCat Operations
The FBI disrupted parts of BlackCat’s infrastructure in December 2023.
Agents gained access to the group’s systems and seized several websites. The operation also produced a decryption tool for victims.
Hundreds of affected organizations received the tool. It allowed them to recover files without paying the attackers.
The Justice Department estimates that the tool prevented about $99 million in ransom payments.
Officials said the operation helped businesses, schools, hospitals, and emergency services restore access faster.
The conviction of the former ransomware negotiator also shows the risks posed by trusted insiders. In this case, confidential client data became another weapon for the attackers.


0 responses to “Ransomware Negotiator Sentenced for Helping BlackCat Increase Ransom Demands”