A U.S. court sentenced former ransomware negotiator Angelo Martino, 41, to 70 months in prison for conspiring with the BlackCat ransomware gang. While negotiating on behalf of five victims, he secretly shared confidential information about their strategies and willingness to pay with the attackers.
Prosecutors described him as a “double agent” who helped maximize ransom payments while profiting from the criminal operation.
“Angelo Martino, 41, of Land O’Lakes, Florida, formerly employed as a ransomware negotiator, was sentenced today to 70 months for his role in conspiring with Blackcat/ALPHV (BlackCat) actors to extort multiple victims, as well as conspiring with other former cybersecurity professionals to attack additional victims in 2023.” reads the press release published by DoJ.
In April, Martino admitted to helping the BlackCat ransomware group while working for a U.S. incident response firm.
The man secretly shared sensitive client details with attackers, like insurance limits and negotiation strategies, while acting as a ransomware negotiator. This information came from five victim cases starting in April 2023 and helped the gang demand higher ransoms. In return, he was reportedly paid by the ransomware operators.
“Angelo Martino’s victims shared heartbreaking accounts of how their businesses were nearly destroyed, while the people they hired to help them instead betrayed them to ransomware gangs,” said Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division. “Today’s sentence accounts for the harm Martino caused and demonstrates that the Department of Justice can and will identify and prosecute cybercriminals to the fullest extent of the law.”
Angelo Martino conspired with Ryan Goldberg and Kevin Martin to deploy BlackCat ransomware group attacks in the U.S. between April and Nov 2023. Using their cybersecurity skills, they helped extort multiple victims, including one paying about $1.2M in Bitcoin. The proceeds were split among them and laundered through different channels. Law enforcement later seized about $10M in assets from Martino, including crypto, vehicles, a food truck, and a luxury fishing boat bought with illicit funds.
“To date, law enforcement has seized $10 million of assets from Martino, including digital currency, vehicles, a food truck, and a luxury fishing boat that Martino obtained through the scheme.” concludes the report. “A hearing to determine the amount of restitution to be ordered against Martino is set for Sept. 17.”
In January, 2026, the U.S. cybersecurity professionals Ryan Goldberg and Kevin Martin pleaded guilty to charges tied to their roles in BlackCat/Alphv ransomware attacks that occurred in 2023.
Court records show Ryan Goldberg, Kevin Martin, and a co-conspirator deployed ALPHV BlackCat ransomware against U.S. victims from April to December 2023, sharing 20% of ransoms with operators. Despite working in cybersecurity, they extorted about $1.2M in Bitcoin from one victim, split the proceeds, and laundered the funds.
In November, U.S. prosecutors charged Ryan Clifford Goldberg, Kevin Tyler Martin, and another Florida-based accomplice (aka “Co-Conspirator 1”) for using BlackCat ransomware to hack and extort five U.S. companies in 2023. The third person was identified in March 2026 as Angelo Martino, a 41-year-old from Florida. He worked as a ransomware negotiator at an incident response firm alongside Kevin Martin. The third conspirator, Ryan Goldberg, was employed at a separate cybersecurity company.
“Today’s announcement follows the Justice Department’s prior actions in December 2023 to disrupt BlackCat ransomware, during which the FBI developed a decryption tool that allowed FBI field offices across the country and law enforcement partners around the world to offer hundreds of victims the capability of restoring their systems, saving victims approximately $99 million in ransom payments. At that time, the FBI also seized several websites operated by the BlackCat ransomware actors.” concludes DoJ.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, BlackCat ransomware)