BlackCat Ransomware Plot: Negotiator Gets Decades in Prison
Angelo Martino, a former ransomware negotiator based in Florida, was sentenced on July 9, 2026, to an extraordinary 70,707 months in federal prison after admitting he conspired with ALPHV/BlackCat ransomware operators to extort victims whose incidents he had been hired to manage.
The U.S. Department of Justice characterized the prosecution as a major insider-threat case in which a trusted incident-response professional leaked negotiation intelligence, assisted in ransomware deployment, and helped launder extortion proceeds.
Martino, 41, of Land O’Lakes, worked for a cyber incident response firm and, according to court records, began colluding with BlackCat actors in April 2023.
BlackCat Ransomware Plot
Prosecutors allege he provided the group with confidential information from client engagements, including victims’ negotiation positions, insurance coverage details, and restoration timelines.
That privileged intelligence enabled the ransomware operators to refine pressure tactics and pursue larger ransom demands, converting a crisis-management insider into an operational asset for the extortion network.
Authorities say the conspiracy touched at least five victims. In one instance, the attackers extracted roughly $1.2 million in Bitcoin from a U.S. organization; proceeds were split among conspirators and laundered through various channels.
Martino also conspired with two former cybersecurity professionals, Kevin Martin of Texas and Ryan Goldberg of Georgia, to deploy BlackCat ransomware against other U.S. targets between April and November 2023. Both Martin and Goldberg received 48-month sentences in May after pleading guilty.
Martino entered a guilty plea on April 14 to conspiring to interfere with interstate commerce by extortion. Law enforcement has seized more than $10 million in assets tied to him, including cryptocurrency holdings, vehicles, a food truck, and a luxury fishing boat.
A restitution hearing is scheduled for September 17. The case was led by the FBI’s Miami Field Office with assistance from the U.S. Secret Service, and formed part of Operation Riptide, the FBI’s wider campaign targeting cybercrime infrastructure, actors, and financial networks.
The prosecution also ties into the Justice Department’s December 2023 disruption of BlackCat, when authorities seized the gang’s websites and distributed a decryptor reportedly saving victims an estimated $99 million in potential ransom payments.
That broader takedown demonstrated both the operational reach of law enforcement and the ongoing adaptability of ransomware groups, which recruit insiders and exploit third-party relationships to increase leverage.
For security leaders, the Martino conviction highlights a difficult and often underestimated risk: the compromise of trusted third parties engaged in incident response, negotiation, legal counsel, and cyber insurance.
Threat actors need not breach a victim’s network to gain an advantage; they can extract value from negotiation intelligence, internal decision-making processes, and knowledge of payment thresholds or restoration progress. As shown in this case, insiders with access to that information can both amplify pressure and expand the scale of extortion.
Practical mitigations include enforcing strict need-to-know access controls during incidents, segregating and encrypting negotiation records, and logging and monitoring third-party access to sensitive data.
Organizations should tighten vendor governance: require background checks and conflict-of-interest disclosures for personnel in sensitive roles, mandate contractual confidentiality and audit rights, and regularly review third-party security practices.
Incident-response teams must also rotate negotiators where feasible and implement tamper-evident handling of negotiation artifacts.
The Martino sentencing is a stark reminder that the human element remains a primary vulnerability in cybersecurity. Technical defenses and legal takedowns matter, but protecting the integrity of those who manage crises is equally critical to denying threat actors the leverage they need to extort organizations successfully.
No Comment! Be the first one.