In a significant development within the realm of cybercrime, a third individual has pleaded guilty for his role in facilitating ransomware attacks against U.S. businesses during 2023. Angelo Martino, a 41-year-old resident of Land O’Lakes, Florida, aligned himself with the notorious BlackCat ransomware group beginning in April of that year. His actions not only exacerbated the ongoing issues related to cybercrime but also betrayed the trust placed in him by his clients, revealing the darker side of incident response and negotiation.
Martino’s position as a ransomware negotiator allowed him to interact with five different victims who were under threat from the BlackCat group. However, rather than acting in the best interests of these companies, Martino shared confidential and sensitive information with the ransomware operators. This included crucial details about the victims’ insurance policy limits and internal strategies regarding negotiations. According to a recent announcement from the U.S. Department of Justice (DoJ), Martino’s actions were conducted without the knowledge or permission of either his employer or the clients he was meant to represent. This betrayal of trust dismantled the foundational principles of the incident response field, aimed at protecting businesses from cyber extortion.
The implications of Martino’s actions were dire. By providing the BlackCat attackers with insight into the negotiating tactics of his clients, he enabled the e-crime gang to maximize the ransoms demanded from these companies. The extent of the financial impact was stark: one notable case saw Martino and his collaborators successfully extort approximately $1.2 million in Bitcoin from a victim. This heist was not a standalone incident but rather part of a series of cyber extortion efforts that took place between April and November 2023.
Martino’s illegal activities were conducted in partnership with two other individuals, Ryan Goldberg and Kevin Martin. While Martino and Martin were both employed at DigitalMint, Goldberg held the title of incident response manager at the cybersecurity firm Sygnia. Together, they executed a range of ransomware attacks that not only led to substantial financial gains for themselves but also perpetuated a cycle of victimization for businesses across the nation.
The financial repercussions of these illegal actions were extensive. Authorities reported that Martino had $10 million in assets seized, including digital currency, vehicles, a food truck, and even a luxury fishing boat. The scale of the operation underscored the seriousness of the consequences that cybercrime can entail, both for the offenders and the companies they target.
Martino has pleaded guilty to one count of conspiracy, specifically for obstructing, delaying, or affecting commerce through extortion. He is scheduled for sentencing on July 9, 2026, where he faces a potential maximum prison sentence of 20 years. His co-conspirators, Martin and Goldberg, also pleaded guilty in December 2025 and are awaiting sentencing, facing similar penalties.
The ramifications of Martino’s actions extend beyond individual accountability; they crack open the critical dialogue around the integrity of cybersecurity practices. Assistant Attorney General A. Tysen Duva of the DoJ’s Criminal Division emphasized the profound betrayal represented by Martino’s conduct. He noted that the clients who sought Martino’s services trusted him to handle ransomware threats effectively, yet he chose to contribute to their plight instead.
This case illustrates not only the complexities involved in combating cybercrime but also the pressing need for trustworthy practices within the cybersecurity sector. It raises pertinent questions about how trust is established and maintained in a field where the stakes are incredibly high and the impacts of betrayal can be devastating. As the legal proceedings unfold, stakeholders within both the cybersecurity realm and broader business community will undoubtedly be monitoring the situation closely, emphasizing the ongoing need for vigilance and ethical conduct in the face of ever-evolving cyber threats.