Ransomware negotiator pleads guilty to helping ransomware gang

Angelo Martino, a former ransomware negotiator, has pleaded guilty to helping cybercriminals extort companies in cyberattacks. On Monday, the U.S. Justice Department announced the guilty plea. Martino, who used to work for cybersecurity firm DigitalMint, admitted to playing both sides of the negotiation in five different incidents. While ostensibly working for the victims, Martino admitted to feeding confidential information back to the operators of the ALPHV/BlackCat ransomware, providing them information such as the victim’s insurance policy limits, as well as their negotiation strategies. Martino’s goal was to maximize the criminals’ payout, for which he took a cut, prosecutors said. He is the third ransomware negotiator in the past year to face jail for the same scheme. “Angelo Martino’s clients trusted him to respond to ransomware threats and help thwart and remedy them on behalf of victims,” said Assistant Attorney General A. Tysen Duva in the press release. “Instead, he betrayed them and began launching ransomware attacks himself by assisting cyber criminals and harming victims, his own employer, and the cyber incident response industry itself.” ALPHV/BlackCat operated as a ransomware-as-a-service, meaning the gang develops and maintains the file-locking malware, while contractors working as affiliates deploy it in cyberattacks and pay back a portion of the ransom profits back to the developers. Last year, U.S. prosecutors accused another DigitalMint employee, Kevin Tyler Martin, as well as Ryan Clifford Goldberg, a former incident response manager at cybersecurity giant Sygnia, of going rogue and helping the ransomware gang that they were ostensibly working to counter during their day jobs. At the time, the authorities mentioned a third individual, without naming him, as being part of this scheme. We now know that it was Martino. Techcrunch event Meet your next investor or portfolio startup at Disrupt Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $410. Meet your next investor or portfolio startup at Disrupt Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $410. San Francisco, CA | October 13-15, 2026 REGISTER NOW Martino pleaded guilty to extortion, and faces up to 20 years in prison. Authorities said they have already seized $10 million in assets from Martino. According to the Justice Department, Martino also admitted to helping Goldberg and Martin deploy ALPHV/BlackCat’s ransomware against several victims inside the U.S. for six months in 2023. The three essentially became ALPHV/BlackCat affiliates during that time, making more than $1.2 million from one single victim, according to prosecutors. When reached for comment on Tuesday, an unnamed DigitalMint spokesperson told TechCrunch in a statement that the company had no knowledge of Martino’s criminal actions, and that it fired the two employees after learning of the accusations against them. In 2023, an international coalition of law enforcement authorities seized the dark web leak site of ALPHV/BlackCat, disrupting its operations. At the same time, authorities also released a decryption tool to help more than 500 ALPHV victims to restore their systems. Topics ALPHV, BlackCat, cybercrime, cybersecurity, hackers, hacking, ransomware, Security Lorenzo Franceschi-Bicchierai Senior Reporter, Cybersecurity Lorenzo Franceschi-Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy. You can contact or verify outreach from Lorenzo by emailing lorenzo@techcrunch.com, via encrypted message at +1 917 257 1382 on Signal, and @lorenzofb on Keybase/Telegram.

View Bio April 30 San Francisco, CA StrictlyVC kicks off the year in SF. Get in the room for unfiltered fireside chats with industry leaders, insider VC insights, and high-value connections that actually move the needle. Tickets are limited. REGISTER NOW Most Popular Tim Cook stepping down as Apple CEO, John Ternus taking over Amanda Silberling Connie Loizos Blue Origin’s New Glenn put a customer satellite in the wrong orbit during its third launch Sean O'Kane Palantir posts mini-manifesto denouncing inclusivity and ‘regressive’ cultures Anthony Ha ‘Tokenmaxxing’ is making developers less productive than they think Tim Fernholz Anthropic launches Claude Design, a new product for creating quick visuals Aisha Malik Anthropic CPO leaves Figma’s board after reports he will offer a competing product Tim Fernholz After sale of its shoe business, Allbirds pivots to AI Sarah Perez