A former ransomware negotiator has been sentenced to 70 months in federal prison after admitting he secretly worked with the BlackCat (ALPHV) ransomware gang while negotiating with victims on their behalf. U.S. authorities said Angelo Martino, 41, abused his position at a cybersecurity company to help cybercriminals maximize ransom payments and participate in attacks against multiple organizations.
According to the U.S. Department of Justice, Martino began collaborating with BlackCat operators in 2023 while employed as a ransomware negotiator. Prosecutors said he used confidential information obtained through his work to assist the gang during negotiations and increase the amount of money victims were pressured to pay.
Investigators said Martino also conspired with two other former cybersecurity professionals, Ryan Clifford Goldberg and Kevin Tyler Martin, to carry out ransomware attacks against U.S. companies. The trio allegedly encrypted victim networks, stole sensitive data, and demanded multimillion-dollar ransom payments while sharing proceeds with BlackCat under its ransomware-as-a-service model.
Court documents state that at least one victim paid approximately $1.2 million in Bitcoin to recover access to its systems. Authorities also seized more than $10 million in assets tied to Martino, including cryptocurrency, vehicles, a food truck, and a luxury fishing boat that prosecutors said had been purchased with proceeds from the scheme.
The Department of Justice said Martino pleaded guilty to conspiracy charges earlier this year. In addition to the 70-month prison sentence, he was ordered to forfeit the seized assets connected to the criminal operation.
Goldberg and Martin were previously sentenced to four years in prison after pleading guilty to their roles in the conspiracy. Prosecutors said the case demonstrates that cybersecurity professionals who exploit privileged access to assist ransomware groups will face the same criminal consequences as the attackers themselves.
The investigation was led by the FBI with assistance from multiple law enforcement agencies. Officials said the case highlights the insider threat posed when trusted cybersecurity personnel misuse their expertise and access to support criminal organizations instead of protecting victims.