Ransomware negotiator pleads guilty to aiding ransomware gang

Former ransomware negotiator Angelo Martino has pleaded guilty to helping cybercriminals extort businesses in a cyberattack.

On Monday, the U.S. Department of Justice announced the guilty plea. Martino, who worked for cybersecurity firm Digital Mint, acknowledged playing both sides of the negotiations in five different cases. Martino admitted that while ostensibly working for victims, he fed back sensitive information to the ALPHV/BlackCat ransomware operators, providing information such as victims’ insurance policy limits and negotiation strategies.

Prosecutors said Martino’s goal was to maximize restitution for the criminals, and he took his cut to do so. He is the third ransomware negotiator to go to jail for the same scheme in the past year.

“Angelo Martino’s clients trusted him to help them respond to ransomware threats, stop them, and provide relief on behalf of victims,” ​​Assistant Attorney General A. Theisen Duva said in a press release. “Instead, he betrayed them and launched a ransomware attack himself, assisting cybercriminals and harming the victims, his own employer, and the cyber incident response industry itself.”

ALPHV/BlackCat was operated as ransomware-as-a-service. This means that while the gang develops and maintains the file-locking malware, contractors acting as affiliates deploy the malware in cyberattacks and pay a portion of the ransom profits to the developers.

Last year, U.S. prosecutors accused Kevin Tyler Martin, another Digital Mint employee, and Ryan Clifford Goldberg, a former incident response manager at cybersecurity giant Signia, of conducting unscrupulous acts and aiding the ransomware gang they were ostensibly fighting against.

At the time, authorities spoke of a third party participating in the scheme, without naming them. Now we know it was Martino.

Martino has pleaded guilty to extortion and could be sentenced to up to 20 years in prison. Authorities have already announced that they have seized $10 million in assets from him.

Martino also admitted to helping Goldberg and Martin deploy ALPHV/BlackCat ransomware to multiple victims in the United States over a six-month period in 2023, the Justice Department said. Over that time, the trio essentially became affiliates of ALPHV/BlackCat, making more than $1.2 million from each victim, prosecutors said.

When asked for comment on Tuesday, an anonymous spokesperson for DigitalMint told TechCrunch in a statement that the company had no knowledge of Martino’s criminal activity and fired him after learning of the allegations against two employees.

In 2023, an international coalition of law enforcement agencies took over the ALPHV/BlackCat dark web leak site and disrupted its operations. At the same time, authorities also released a decryption tool to help more than 500 ALPHV victims recover their systems.