Ransomware negotiator helped hackers squeeze victims for bigger payouts
He was hired to help victims, but got paid for extorting money from them.

Silhouette of a man surrounded by glowing code. Mariyariya/Getty.
- Angelo Martino was sentenced to 70 months for helping BlackCat affiliates extort ransomware victims.
- Prosecutors said Martino shared victims’ confidential negotiation positions so attackers could demand higher ransoms.
- Authorities said Martino and two former cybersecurity professionals also deployed BlackCat ransomware against additional victims.
- The case highlights US efforts against BlackCat, which has targeted more than 1,000 victims worldwide.
Key Takeaways by nexos.ai, reviewed by Cybernews staff.
A former ransomware negotiator hired to help organizations recover from cyberattacks has been sentenced to nearly 6 years in prison after he secretly worked with the ransomware group to increase profits from victims.
Angelo Martino, 41, from Land O’Lakes in Florida, was sentenced to 70 months in federal prison for conspiring with BlackCat affiliates to extort multiple victims.
“He was hired to help victims in a moment of crisis,” said US Attorney Jason A. Reding Quiñones for the Southern District of Florida.
“Instead, Martino betrayed them, fed their confidential negotiating positions to ransomware criminals, and helped squeeze them for more money.”
Helped attackers maximize ransom demands
According to court documents, Martino began working with BlackCat operators in April 2023 while employed at a cyber incident response company. His role gave him access to confidential information about the victims.
He was aware of the victims’ negotiation strategies and willingness to pay, which he sold to BlackCat attackers, allowing them to adjust their demands and pressure victims into paying higher ransoms.
The scheme targeted five ransomware victims, according to the Justice Department.
Investigators said Martino was paid by ransomware operators for providing the inside information.
Authorities also said Martino worked with two other former cybersecurity professionals, Kevin Martin, 36, from Texas, and Ryan Goldberg, 41, from Georgia, to deploy BlackCat ransomware against additional victims between April and November 2023.
In one attack, the group allegedly extorted approximately $1.2 million in bitcoin from a victim. The proceeds were then divided among the three men and laundered. Martin and Goldberg were previously sentenced to 48 months in prison.
“Angelo Martino’s victims shared heartbreaking accounts of how their businesses were nearly destroyed, while the people they hired to help them instead betrayed them to ransomware gangs,"said Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division in a press release.
More than $10 million in assets seized
As part of the investigation, law enforcement seized more than $10 million in criminal proceeds and assets connected to Martino’s activities.
The seized property included cryptocurrency, vehicles, a food truck, and a luxury fishing boat. A restitution hearing is scheduled for September 17th to determine the amount Martino must repay the victims.
BlackCat ransomware operation disrupted
The ruling comes as US authorities continue efforts to dismantle the BlackCat ransomware ecosystem.
BlackCat, also known as ALPHV or Noberus, has targeted more than 1,000 victims worldwide across different sectors, making the gang one of the most active ransomware-as-a-service (RaaS) operations in recent years.
The ransomware group’s modus operandi is providing malware and infrastructure, while affiliates carry out attacks against victims.
The attackers typically used a double-extortion strategy. They steal sensitive data before encrypting systems. Then attackers demand payment in exchange for both restoring access and preventing publication of the stolen files.
In December 2023, the FBI disrupted parts of the BlackCat operation by gaining access to the group’s infrastructure and seizing several websites used by the ransomware gang.
The agency also developed a decryption tool that helped hundreds of victims restore encrypted systems without paying attackers. According to the Justice Department, the tool prevented approximately $99 million in ransom payments.
“With a decryption tool provided by the FBI to hundreds of ransomware victims worldwide, businesses and schools were able to reopen, and health care and emergency services were able to come back online,” Deputy Attorney General Lisa O. Monaco said in a statement.