An employee who was supposed to help organizations recover from ransomware attacks instead collaborated with the very criminals he was negotiating against. A U.S. court has now handed down his sentence.
Forty-one-year-old Angelo Martino, a former employee of cybersecurity firm DigitalMint, which advises organizations during ransomware negotiations, has been sentenced to 70 months in federal prison. He previously pleaded guilty to participating in attacks carried out by the BlackCat ransomware group, also known as ALPHV.
The FBI has linked BlackCat to more than 60 cyber incidents between November 2021 and March 2022. According to the agency, the group extorted at least $300 million from more than 1,000 victims by September 2023.
Two Other Defendants Already Sentenced
Martino was charged alongside two other former employees of Sygnia and DigitalMint: 28-year-old Kevin Tyler Martin and 33-year-old Ryan Clifford Goldberg. Both pleaded guilty in December to conspiracy to interfere with commerce by extortion. In May, each received a four-year prison sentence.
Martino’s identity was initially withheld from public court records. In an October 2025 indictment, he was identified only as “Co-Conspirator 1.” Court documents unsealed in March later revealed both his identity and his role in the scheme.
Coordinated Attacks on Victim Organizations
According to court filings, Martino worked alongside Goldberg and Martin in multiple BlackCat ransomware attacks between April 2023 and April 2025. Acting as affiliates of the ransomware operation, the trio demanded ransom payments from victim organizations, threatened to publish stolen data, and encrypted their systems. In exchange for access to the ransomware platform and its extortion portal, they paid approximately 20 percent of the ransom proceeds to the BlackCat operators.
Prosecutors also allege that Martino abused his role as an official ransomware negotiator for five victims by passing confidential information to the attackers. The leaked information reportedly included cyber insurance coverage limits and the victims’ negotiating flexibility, enabling the ransomware group to maximize ransom demands in each case.
At least five U.S. organizations were affected. One financial services company reportedly paid approximately 25.66 million U.S. dollars, while a nonprofit organization paid around 26.79 million U.S. dollars. Additional victims included school districts, healthcare organizations, law firms, and other financial institutions.
DigitalMint said it had distanced itself from the employees’ actions and terminated their employment after the misconduct came to light.
(lb)