Jul 18, 2026
Policy

Ransomware negotiator gets 70 months for helping BlackCat extort clients

Angelo Martino was sentenced after prosecutors said he leaked client negotiating positions to BlackCat and took cryptocurrency kickbacks.

Renata Fuchs

By Renata Fuchs · Policy Reporter

· 4 min read

Ransomware negotiator gets 70 months for helping BlackCat extort clients
Photo: Ars Technica

A Florida ransomware negotiator who worked for DigitalMint was sentenced to 70 months in prison after admitting he helped BlackCat attackers extract higher payments from the victims he was hired to represent. Prosecutors said five DigitalMint clients paid more than $75 million to ransomware affiliates, with likely millions added because Angelo Martino passed along confidential information.

The case is a direct hit to a small but critical part of the incident response market: negotiators who sit between breached companies, insurers and criminal groups. Companies hire those intermediaries to reduce ransom demands and manage payment logistics. In this case, the US government said Martino used that access to share insurance limits and internal negotiation positions with the attackers in exchange for cryptocurrency.

Martino, 41, pleaded guilty to conspiracy to interfere with interstate commerce by extortion. He had asked for a 24-month sentence, citing cooperation that helped prosecutors bring cases against two co-defendants, Kevin Martin, another DigitalMint negotiator, and Ryan Goldberg, an incident manager at security firm Sygnia. Martin and Goldberg were each sentenced in April to four years in prison.

Prosecutors had said federal sentencing guidelines put Martino in a range of 70 to 87 months, based on his limited criminal history, and sought at least the midpoint. He faced a statutory maximum of 20 years.

How the scheme worked, according to prosecutors

Martino worked for DigitalMint from November 2022 to April 2025, first as an independent consultant and later as a full-time employee, according to court filings. DigitalMint is based in Chicago, and Martino worked remotely on a company laptop.

In that role, prosecutors said, Martino received sensitive details about attacks, ransom demands, insurance coverage and client strategy. Beginning in April 2023, he communicated with BlackCat actors through Tox and through a separate intermediary chat inside the BlackCat panel. Court filings said that channel was available only to Martino and the BlackCat negotiators and affiliates.

The government said Martino used that private channel to disclose client information without the victims’ knowledge. The purpose, prosecutors said, was to increase the ransom amounts paid to BlackCat actors. In return, Martino received a share of the payments in digital currency.

The victims in the negotiation scheme included a hospitality company, a nonprofit, a financial services company, a retail company and a medical company, all DigitalMint clients. Prosecutors said ransom payments tied to the broader conduct ranged from $213,000 to $26.8 million between April and September 2023, and that the attacks affected companies in sectors including financial services and health care.

Martino also obtained an affiliate account with ALPHV BlackCat in May 2023 and shared access with Martin and Goldberg, according to a factual proffer signed by Martino and prosecutors. The government said the three used the BlackCat platform to attack five additional victims. One medical device company paid $1.2 million, while the other victims did not pay but incurred consequential losses.

DigitalMint says it was deceived

DigitalMint said it did not know about Martino’s conduct while he worked there and fired the employees involved after the Justice Department brought the allegations to the company. The company said it cooperated with federal investigators and described itself as an unknowing victim of the crimes.

DigitalMint said it had controls such as background checks and compliance procedures, but said Martino hid his actions through unauthorized communication channels. Sygnia previously said it terminated Goldberg immediately after learning of the situation and that the company itself was not a target of the investigation.

Martino received millions of dollars in cryptocurrency from the conspiracy, according to court filings. The FBI seized cryptocurrency from him, though prosecutors said he had already used much of the money to buy two Florida homes, a boat and several vehicles. He must forfeit property and pay 10% of any salary he earns after release toward victim compensation. The government is expected to submit a proposed forfeiture order next week.

BlackCat, also known as ALPHV, is the ransomware operation tied to the February 2024 outage at Change Healthcare and attacks on hundreds of other victims. The FBI said in December 2023 that it had developed a decryption tool for victims and seized several sites used by the group. The US government is still offering rewards of up to $10 million for information on BlackCat administrators and affiliates.

This story draws on original reporting from Ars Technica.

More from Policy

All Policy →