Ransomware negotiator caught secretly assisting BlackCat extortion scheme

Angelo Martino pleaded guilty to helping BlackCat ransomware group while acting as a ransomware negotiator.

Another U.S. cybersecurity expert, Angelo Martino, admitted helping the BlackCat ransomware group while working as a ransomware negotiator.

Angelo Martino (41) admitted helping the BlackCat ransomware group while working for a U.S. incident response firm.

“A Florida man, formerly employed as a ransomware negotiator, pleaded guilty to conspiring to commit ransomware attacks against U.S. companies in 2023.” reads the press release published by DoJ.

“According to court documents, Angelo Martino, 41, of Land O’Lakes, Florida, collaborated with the operators of the Blackcat/ALPHV (“BlackCat”) ransomware variant used by cybercriminals to attack and extort institutions and companies. Beginning in April 2023, Martino abused his role at a U.S.-based cyber incident response company to assist BlackCat actors.”

The man secretly shared sensitive client details with attackers, like insurance limits and negotiation strategies, while acting as a ransomware negotiator. This information came from five victim cases starting in April 2023 and helped the gang demand higher ransoms. In return, he was reportedly paid by the ransomware operators.

Angelo Martino conspired with Ryan Goldberg and Kevin Martin to deploy BlackCat ransomware group attacks in the U.S. between April and Nov 2023. Using their cybersecurity skills, they helped extort multiple victims, including one paying about $1.2M in Bitcoin. The proceeds were split among them and laundered through different channels. Law enforcement later seized about $10M in assets from Martino, including crypto, vehicles, a food truck, and a luxury fishing boat bought with illicit funds.

“Ransomware victims turned to this defendant for help, and he sold them out from the inside,” said U.S. Attorney Jason A. Reding Quiñones for the Southern District of Florida. “As he admitted in court, he abused his position at a cyber incident response company to feed confidential information to BlackCat actors, helping them maximize ransom payments from American victims. He then went further, joining the conspiracy himself to deploy ransomware and profit from extortion. This guilty plea makes clear that if you weaponize insider access and cybersecurity expertise against victims in South Florida or anywhere in this country, you will be prosecuted. And as the seizure of more than $10 million in assets shows, you will not get to keep the proceeds of your crime.”

In January, 2026, the U.S. cybersecurity professionals Ryan Goldberg and Kevin Martin pleaded guilty to charges tied to their roles in BlackCat/Alphv ransomware attacks that occurred in 2023.

Court records show Ryan Goldberg, Kevin Martin, and a co-conspirator deployed ALPHV BlackCat ransomware against U.S. victims from April to December 2023, sharing 20% of ransoms with operators. Despite working in cybersecurity, they extorted about $1.2M in Bitcoin from one victim, split the proceeds, and laundered the funds.

“According to court documents, Ryan Goldberg, 40, of Georgia, Kevin Martin, 36, of Texas, and another co-conspirator successfully deployed the ransomware known as ALPHV BlackCat between April 2023 and December 2023 against multiple victims located throughout the United States.” reads the press release published by DoJ. “All three men worked in the cybersecurity industry — meaning that they had special skills and experience in securing computer systems against harm, including the type of harm they themselves were committing against the victims in this case.”

In November, U.S. prosecutors charged Ryan Clifford Goldberg, Kevin Tyler Martin, and another Florida-based accomplice (aka “Co-Conspirator 1”) for using BlackCat ransomware to hack and extort five U.S. companies in 2023. The third person was identified in March 2026 as Angelo Martino, a 41-year-old from Florida. He worked as a ransomware negotiator at an incident response firm alongside Kevin Martin. The third conspirator, Ryan Goldberg, was employed at a separate cybersecurity company.

Angelo Martino pleaded guilty to conspiracy linked to extortion in ransomware operations. He faces up to 20 years in prison and will be sentenced on July 9. Kevin Martin and Ryan Goldberg face the same maximum penalty, with sentencing set for April 30. A judge will decide final sentences under federal guidelines.

“Martino pleaded guilty to one count of conspiracy to obstruct, delay or affect commerce or the movement of any article or commodity in commerce by extortion. He is scheduled to be sentenced on July 9 and faces a maximum penalty of 20 years in prison. Martin and Goldberg separately entered guilty pleas to the same charge in December 2025.” concludes DoJ. “Martin and Goldberg are scheduled to be sentenced on April 30 and each face a maximum penalty of 20 years in prison. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)