All incidents

Former ransomware negotiator sentenced to 70 months for aiding BlackCat

campaignopenJul 10, 2026 — Jul 10, 2026
Former ransomware negotiator sentenced to 70 months for aiding BlackCat

A former ransomware negotiator from Florida has been sentenced to 70 months in prison after pleading guilty to helping the BlackCat ransomware gang. Angelo Martino admitted to sharing confidential victim information while posing as a mediator, effectively acting as a double agent for the criminals. The sentence was handed down by a federal court following a guilty plea in April. The Department of Justice announced the ruling. Victims of the schemes he facilitated faced prolonged downtime and increased financial demands as a direct result of his betrayal.

Martino’s role involved leaking negotiation strategies, victim contact details and extortion timelines to BlackCat operators. This insider information allowed the gang to demand higher ransom payments and to tailor their attacks more effectively. Prosecutors said he also participated directly in deploying ransomware on at least one occasion, netting roughly $1.2 million from a single victim. The betrayal undermined the trust placed in professional negotiators by companies facing a ransomware crisis. He was charged with conspiracy to commit fraud and aggravated identity theft, reflecting the severity of his conduct.

Law enforcement seized assets valued at over $10 million linked to Martino’s illicit activities, including cryptocurrency wallets and bank accounts. The seized funds are being processed for restitution to affected organisations. Martino is one of three cybersecurity professionals charged in this scheme; the other two received four‑year sentences. His case highlights the growing insider‑threat dimension of ransomware operations. The forfeiture proceedings are expected to conclude later this year, with any remaining amounts directed to a victim compensation fund.

BlackCat, also known as Alphv, emerged in late 2021 and quickly became one of the most prolific ransomware-as-a-service groups. Between 2021 and late 2023 the gang claimed more than 1,000 victims worldwide, amassing tens of millions of dollars in ransom payments. Significant incidents included a $22 million payout from a major US firm and numerous attacks on healthcare and critical infrastructure providers.

The group’s reliance on affiliates meant that insider assistance such as Martino’s could significantly amplify its impact. International law enforcement actions in 2023 disrupted several of its infrastructure nodes, yet the group continued to operate through decentralized cells.

The case illustrates how trusted third‑party service providers can be turned into vectors for cyber extortion when personal greed overrides professional ethics. Security leaders must recognise that ransomware negotiations, incident response consulting and threat intelligence sharing all require rigorous vetting. Martino’s actions also demonstrate that financial gain from betraying clients can far exceed legitimate consulting fees, creating a potent incentive for malicious insiders. Regular ethics training and clear codes of conduct can help mitigate these risks before they materialise.

Organisations should conduct background checks on any external negotiators or incident‑response firms they engage, looking for prior legal issues or undisclosed affiliations. Contracts should include clauses that prohibit the sharing of confidential details with third parties and allow for immediate termination if a breach is suspected. Monitoring communications between negotiators and threat actors, where legally permissible, can help detect anomalous behaviour early. Additionally, maintaining an internal audit trail of all external interactions supports rapid forensic review when suspicion arises.

Furthermore, companies ought to adopt a zero‑trust approach to third‑party access, ensuring that negotiators only receive the minimum information needed to perform their role. Regular audits of negotiation logs and anomaly detection on financial transactions can uncover illicit payouts before they are laundered. By treating insider risk with the same rigor as external threats, firms can reduce the chance of a repeat of the Martino betrayal. Sharing indicators of compromise and insider threat patterns within trusted industry groups strengthens collective defence against such subversion.

Intelligence briefing updated Jul 10, 2026

BlackCat
Root sourcewww.justice.gov
Timeline Coverage

Swipe to explore timeline