The Negotiator Turned Traitor: Insider Betrayal in the BlackCat Ransomware Ring

A Florida man has admitted to playing both sides of the ransomware fence. Angelo Martino, 41, a former ransomware negotiator, pleaded guilty to conspiring with the notorious BlackCat (ALPHV) ransomware group to extort the very companies that had hired him for protection.

Beginning in April 2023, Martino abused his position at a prominent U.S.-based cyber incident response company. While ostensibly working to resolve crises for five different ransomware victims, he was secretly funneling their “confidential information about the negotiating position and strategy” to the attackers.

By providing BlackCat actors with internal data, such as a victim’s insurance policy limits, Martino ensured the cybercriminals could hold out for the highest possible payout.

“Angelo Martino’s clients trusted him to respond to ransomware threats and help thwart and remedy them on behalf of victims,” said Assistant Attorney General A. Tysen Duva. “Instead, he betrayed them… harming victims, his own employer, and the cyber incident response industry itself.”

Martino’s involvement didn’t stop at leaking secrets. He eventually joined forces with two other cybersecurity professionals—Ryan Goldberg of Georgia and Kevin Martin of Texas—to launch their own BlackCat attacks.

The trio successfully extorted a victim for $1.2 million in Bitcoin, splitting the proceeds three ways and laundering the funds to hide their tracks. Their specialized knowledge of the industry made them particularly effective, and dangerous, adversaries.

The financial fallout for Martino has been swift. Law enforcement has already seized $10 million in assets, highlighting the luxury lifestyle Martino funded through extortion. The seizures include:

• Digital currency
• Vehicles
• A food truck
• A luxury fishing boat

The prosecution of Martino, Goldberg, and Martin serves as a stark warning to the cybersecurity industry. All three face a maximum penalty of 20 years in federal prison.

This case follows a major December 2023 disruption of the BlackCat infrastructure, where the FBI developed a decryption tool that saved victims an estimated $99 million in potential ransoms.