Former Ransomware Negotiator Sentenced for Betrayal and Extortion
In a significant legal development, a 41-year-old former ransomware negotiator, Angelo Martino, has been sentenced to 70 months in prison by a U.S. court for his involvement in a conspiracy with the now-defunct BlackCat ransomware group. This case has drawn considerable attention due to the shocking betrayal of trust demonstrated by Martino, who was tasked with aiding victims of cyber extortion but instead became an ally to the very criminals he was meant to combat.
Martino, a resident of Land O’Lakes, Florida, pleaded guilty in April to a single count of conspiring to interfere with interstate commerce through extortion. His duplicitous actions involved negotiating on behalf of five separate victims while secretly providing the BlackCat attackers with sensitive information regarding these victims’ negotiation positions and strategies. This included crucial details about the victims’ insurance policy limits and internal negotiation stances, which enabled the perpetrators to maximize the ransom amounts extracted from the victims without their knowledge.
Federal prosecutors characterized Martino as a “double agent,” asserting that he sought to maximize damage to his clients while reaping financial rewards from the cybercriminals who compensated him with a portion of the ransoms collected. This betrayal was highlighted during the sentencing, where Assistant Attorney General A. Tysen Duva described the devastating impact on Martino’s victims, many of whom shared harrowing accounts of how close their businesses came to ruin because of his treachery.
In addition to his individual actions, Martino is implicated in a broader conspiracy alongside two other cybersecurity professionals, Ryan Goldberg and Kevin Martin. Between April and November of 2023, the three men reportedly collaborated to deploy the BlackCat ransomware against multiple targets across the United States. While Martino and Martin were employed by DigitalMint, Goldberg held a position as an incident response manager for the cybersecurity firm Sygnia. Both Goldberg and Martin had previously pleaded guilty to similar charges and were sentenced to four years in prison each in May 2026 for their roles in the attacks.
This case marks a notable moment in the ongoing battle against ransomware—a threat that has escalated dramatically in recent years. U.S. Attorney Jason A. Reding Quiñones emphasized the gravity of Martino’s betrayal, stating, “He was hired to help victims in a moment of crisis. Instead, Martino betrayed them, fed their confidential negotiating positions to ransomware criminals, and helped squeeze them for more money.” This underscores a broader concern for the cybersecurity community, wherein insiders may exploit the trust placed in them, heightening the risk for victims already facing significant distress.
In a bid to recover losses attributed to Martino’s actions, the U.S. Justice Department has seized approximately $10 million worth of assets connected to him thus far. This haul includes not only digital currencies but also tangible items like vehicles, a food truck, and a luxury fishing boat, all allegedly acquired through the illicit proceeds of his criminal activities. Furthermore, Martino is slated to make an appearance in court on September 17, 2026, where the specifics of his restitution—compensation for the victims—will be decided.
The case encapsulates the urgent need for robust cybersecurity measures and highlights the ongoing efforts by law enforcement to tackle the dual threats of ransomware deployment and insider complicity. As outlined by Assistant Director Brett Leatherman of the FBI’s Cyber Division, the consequences for those like Martino who betray their roles can be severe, sending a strong message that the government will continue to pursue both the hackers and those who enable their illicit activities.
As the landscape of cyber threats continues to evolve, the Martino case serves as a stark reminder of the critical importance of integrity within the cybersecurity profession, urging firms and clients alike to remain vigilant against not only external attacks but also potential internal threats. It reinforces the necessity of safeguarding sensitive information and the trust that clients place in cybersecurity professionals, particularly in times of crisis.
