Technology

Florida ransomware negotiator gets five years for helping hackers

A Florida ransomware negotiator who fed BlackCat hackers victims’ strategy was sentenced to 70 months, and more than $10 million in assets was seized.

Lisa Park··2 min read
Published
Listen to this article0:00 min
Florida ransomware negotiator gets five years for helping hackers
Source: complexdiscovery.com

A Florida ransomware negotiator who prosecutors said secretly helped BlackCat hackers squeeze American companies was sentenced to 70 months in federal prison on July 9, 2026. Angelo Martino, 41, of Land O’Lakes, Florida, had worked for a U.S.-based cyber incident response company when he began abusing that role in April 2023, the Justice Department said.

Federal prosecutors said Martino conspired with ALPHV BlackCat actors to extort five ransomware victims in the United States and was paid to share confidential information about their negotiating positions and strategy. He pleaded guilty in April 2026 to conspiring to commit ransomware attacks against U.S. companies in 2023. The Justice Department said Martino also worked with former cybersecurity professionals to target additional victims that same year.

AI-generated illustration
AI-generated illustration

The case reached deeper into the ransomware economy than a single insider betrayal. Prosecutors said Martino, Kevin Martin, and Ryan Goldberg agreed to give ALPHV BlackCat administrators 20% of any ransom payments in exchange for access to the ransomware and its extortion platform. In one attack, the group extorted nearly $1.3 million after first demanding $10 million, then split and laundered the money. The Justice Department said more than $10 million in criminal proceeds tied to the scheme had been seized, including a food truck and a luxury fishing boat bought with ransom money.

Martino is the third person sent to prison in the case. The earlier sentences for Martin and Goldberg underscored how the operation blended technical skill with insider access, turning crisis negotiation into a weapon for the attackers. Federal officials said the case showed why businesses must scrutinize third-party incident-response firms and report suspicious or unethical conduct quickly.

The broader BlackCat threat explains why the insider case landed so hard. In a February 27, 2024 advisory, CISA, the FBI, and HHS said ALPHV BlackCat had remained active through at least February 2024 and had nearly 70 leaked victims since mid-December 2023, with healthcare the most commonly hit sector. The advisory also said BlackCat updated its malware in February 2023 to improve defense evasion and add the ability to encrypt Windows, Linux, and VMware systems.

A Congressional Research Service report said the FBI’s December 2023 disruption of BlackCat helped save victims from an estimated $68 million in ransom payments. The same report said the February 2024 Change Healthcare attack disrupted prescription access and pharmacy cash flow nationwide, and public reporting tied about $22 million in bitcoin to that ransom. Martino’s sentence now sits inside that larger record of damage, where the people hired to reduce losses can become part of the extortion machine itself.

This article was produced by Prism’s automated news system from verified source data, official records, and press releases, then run through automated quality and moderation checks before publishing. The system is built and supervised by the people who set the standards it runs under. Read our full AI policy.

Did this article answer your question?

Discussion

More in Technology