When an organization falls sufferer to a ransomware assault, it’s not unusual for it to show to specialists for assist.
Specialist ransomware negotiation corporations deal with communications with felony gangs on a sufferer’s behalf. They understand how the ransomware gangs function, tips on how to purchase time, and tips on how to push again on extortionate calls for. They will help handle the technical aspect of any cost if wanted, and assist a company sufferer assess whether or not decryptors really work.
What victims do not anticipate is that their trusted negotiator is likely to be individually sharing particulars of the sufferer’s cyber-insurance coverage and negotiation technique immediately with the attackers themselves.
That is exactly what Florida man Angelo John Martino III did, and final week a federal decide sentenced him to 70 months in jail for it.
41-year-old Martino labored as a ransomware negotiator for DigitalMint, an incident response firm primarily based in Chicago. His job was to barter on behalf of organisations who had been held to ransom by ransomware assaults.
Nonetheless, beginning in April 2023, Martino began to dwell a double life. Unknown to his employer or shoppers, Martino was feeding data to the BlackCat (also referred to as ALPHV) ransomware group by means of a hidden tab throughout the similar BlackCat negotiation panel he used for his authentic work.
In alternate for a minimize of the ransom cost, Martino fed the criminals the whole lot they wished: victims’ insurance coverage coverage limits, their inside negotiating positions, and their monetary circumstances.
On one event, Martino secretly tipped off a BlackCat affiliate that the sufferer’s insurance coverage firm had solely accepted a restricted payout.
Within the official negotiation chat – seen to each DigitalMint and the sufferer – he acted the function of involved middleman with aplomb. Nonetheless, behind the scenes, the gang already knew precisely what they may extract.
The BlackCat operator’s response within the official negotiation chat was clear: “We all know how a lot you’ll be able to pay. Contact your insurance coverage. We find out about them additionally.”
The ransomware sufferer, a hospitality firm, finally paid out almost US $16.5 million.
In complete, 5 of Martino’s shoppers collectively made greater than US $75.3 million in ransom funds between April and September 2023. This included a non-profit organisation that paid almost US $26.8 million, and a monetary companies firm that paid almost US $25.7 million – every cost seemingly inflated because of the data Martino shared with the extortionists.
However that wasn’t the restrict of Martino’s wrongdoing, as a result of he and two colleagues (Kevin Martin, one other DigitalMint negotiator, and Ryan Goldberg, an incident response supervisor at cybersecurity agency Sygnia) deployed BlackCat ransomware in opposition to extra victims themselves.
The trio stored 80% of ransoms and paid 20% to the BlackCat gang, as associates – efficiently extorting US $1.2 million from a medical machine firm.
In April 2026, Goldberg and Martin have been each sentenced to 4 years in jail.
Martino spent the cryptocurrency proceeds of his felony exercise on two Florida properties, a ship, and a number of other autos. Authorities say that they’ve seized US $10 million of his belongings, and a listening to in September will decide what different restitution he must make.
“Angelo Martino bought out the very victims he was employed to characterize, handing their confidential negotiating positions to BlackCat actors to drive up ransoms and enrich himself,” stated Assistant Director Brett Leatherman of the FBI Cyber Division. “[The] sentence demonstrates that the FBI will pursue not simply the criminals who deploy ransomware, however the insiders who allow them. Working with our companions, the FBI will discover those that betray that belief and maintain them accountable.”
US authorities have described DigitalMint as an “unknowing sufferer,” and stated that Martino intentionally hid what he was doing from his employer. The corporate has since modified the way in which its negotiators talk with ransomware gangs, and is working with the Division of Homeland Safety to determine a registry for the at present highly-unregulated world of ransomware negotiation.
