Former ransomware negotiator pleads guilty to helping cybercriminals extort victims

A negotiator hired to help ransomware victims instead fed their secrets to the BlackCat extortion crew, prosecutors said, turning a supposed shield into part of the attack. Angelo Martino, 41, of Land O’Lakes, Florida, pleaded guilty to extortion after admitting he abused his role beginning in April 2023 and used confidential information from five ransomware cases to help criminals squeeze more money out of companies.

Federal prosecutors said Martino worked both sides of the table. Instead of protecting victims, he allegedly passed along insurance policy limits and internal negotiation positions to operators of the ALPHV/BlackCat ransomware group, and the gang paid him for the information. The Justice Department said the goal was to maximize the criminals’ payout, with Martino taking a cut. That conduct cut to the core of ransomware response, where companies often bring in outside negotiators to keep losses down and avoid making a crisis worse.

Martino also admitted conspiring with Ryan Clifford Goldberg and Kevin Tyler Martin to deploy BlackCat ransomware against multiple U.S. victims between April and November 2023. Prosecutors said the three men extorted one victim for about $1.2 million in Bitcoin, then split the proceeds and laundered the money. Authorities have already seized $10 million in assets from Martino, including digital currency, vehicles, a food truck and a luxury fishing boat.

The plea closed the latest chapter in a broader corruption case that has exposed the gray zone around ransomware response firms, insurers and outside intermediaries. Goldberg and Martin pleaded guilty in December 2025 to conspiracy to obstruct commerce by extortion. In that case, prosecutors said the men agreed to give BlackCat administrators a 20% share of any ransom payments in exchange for access to the ransomware and its extortion platform. They were scheduled for sentencing on April 30, 2026.

A. Tysen Duva said Martino betrayed clients who trusted him, harmed his employer and damaged the cyber incident-response industry itself. The Justice Department has warned businesses to vet third-party ransomware responders carefully, report suspicious conduct quickly and contact law enforcement as soon as an attack is detected. FBI Miami echoed that advice after the earlier BlackCat case, underscoring how a business built to manage extortion can become another point of failure when oversight is weak.

Martino’s guilty plea makes him the third ransomware negotiator in the past year to face prison for a similar scheme, a signal that the abuse was not isolated. For companies facing encrypted systems and ransom demands, the threat now extends beyond the malware itself to the people hired to fight it.