Former ransomware negotiator pleads guilty to BlackCat attacks

Published:

21 april 2026 om 10:12:21

Alert date:

21 april 2026 om 11:00:57

Source:

bleepingcomputer.com

Ransomware & Malware, Data Breach & Exfiltration

Angelo Martino, a 41-year-old former employee of cybersecurity incident response company DigitalMint, pleaded guilty to conducting BlackCat (ALPHV) ransomware attacks against U.S. companies in 2023. As a former ransomware negotiator, Martino used his insider knowledge and access to facilitate these attacks, representing a significant breach of trust within the cybersecurity industry. This case highlights the risk of insider threats in cybersecurity firms and the potential for employees with specialized knowledge to abuse their positions.

Technical details

Angelo Martino, a former DigitalMint employee, worked as a BlackCat (ALPHV) ransomware affiliate between April 2023 and April 2025. While serving as a ransomware negotiator for five victims, he shared confidential information including negotiation positions and insurance policy limits with BlackCat operators. The attackers operated under an affiliate model, paying BlackCat administrators a 20% share of ransom proceeds for access to the ransomware and extortion portal. The group used double extortion tactics, stealing data before encryption and threatening to leak it.

Mitigation steps:

Organizations should ensure proper vetting of cybersecurity incident response personnel and implement internal controls to prevent insider threats. Companies should also verify the integrity of negotiation processes and maintain strict confidentiality protocols during ransomware incidents.

Affected products:

Related CVE's:

Related threat actors:

BlackCat

ALPHV

Angelo Martino

Ryan Clifford Goldberg

Kevin Tyler Martin

IOC's:

This article was created with the assistance of AI technology by Perceptive.