Ex‑Responder Pleads Guilty

A former DigitalMint ransomware negotiator pleaded guilty after federal prosecutors said he secretly helped BlackCat hackers squeeze more money from victims. (justice.gov) The Justice Department said Angelo Martino, 41, of Land O’Lakes, Florida, used his role in 2023 to pass BlackCat operators confidential details from five clients, including insurance policy limits and negotiation strategy. Prosecutors said the gang paid him for that information. (justice.gov) CyberScoop reported those five victims included a nonprofit and companies in hospitality, financial services, retail and healthcare, and all five paid ransoms. Prosecutors said the total haul reached about $75.3 million, including nearly $26.8 million from the nonprofit and nearly $25.7 million from the financial services company. (cyberscoop.com) Ransomware is digital extortion: attackers lock files, steal data, or both, then demand payment to restore access or keep the data private. In this case, the person hired to bargain the price down admitted he was feeding the attackers the victim’s playbook. (techcrunch.com) BlackCat, also called ALPHV, ran as “ransomware as a service,” a franchise-style model in which core operators built the malware and outside affiliates carried out the break-ins. U.S. agencies have said the group hit more than 1,000 victims worldwide and took in more than $300 million in ransom payments between November 2021 and September 2023. (cisa.gov) Martino also admitted joining Ryan Goldberg, a former Sygnia incident-response manager, and Kevin Martin, another former DigitalMint negotiator, in separate BlackCat attacks between April and November 2023. The Justice Department said the three split proceeds from at least one $1.2 million Bitcoin extortion and that agents have seized $10 million in Martino assets, including cryptocurrency, vehicles, a food truck and a fishing boat. (justice.gov) Goldberg and Kevin Martin pleaded guilty in December 2025 in the same South Florida case, and CyberScoop reported they are scheduled to be sentenced on April 30, 2026. TechCrunch reported Martino is the third ransomware negotiator in the past year to face prison exposure in the scheme. (justice.gov) (cyberscoop.com) (techcrunch.com) DigitalMint is not accused of taking part in the crimes. CyberScoop reported the company fired Martino in April 2025, one day after the Justice Department told the firm it was investigating him. (cyberscoop.com) Martino pleaded guilty to extortion conspiracy and faces up to 20 years in prison. The case now turns a job meant to contain ransomware into part of the government’s evidence about how the attacks were carried out. (techcrunch.com)