Ransomware Negotiator Sentenced for Colluding with Attackers
Former ransomware negotiator sentenced to 70 months in prison for colluding with BlackCat scammers to extort victims.

Ransomware Negotiator Sentenced for Colluding with Attackers">
A former ransomware negotiator was sentenced to 70 months in prison yesterday after colluding with BlackCat scammers to extort the victims he was hired to protect. As a ransomware negotiator for the company DigitalMint, Florida resident Angelo Martino's job was 'to negotiate with cybercriminals to mitigate the ransoms paid by [DigitalMint's] clients,' the US government said in a sentencing memorandum on Tuesday. 'Instead, Martino provided the cybercriminals with confidential negotiation information to maximize the ransoms in exchange for a portion of the ransom payments.
Five of the victims whom Martino was supposed to help paid over $75 million to ransomware affiliates, including likely millions of dollars in ransom demands inflated as a result of the confidential information provided by Martino.' Martino, 41, pleaded guilty and asked for a 24-month sentence, noting that he 'provided substantial assistance that contributed to the indictment and conviction of two co-defendants.' As described in a November 2025 article, the co-defendants were Texas resident Kevin Martin, a ransomware negotiator for DigitalMint, and Georgia resident Ryan Goldberg, an incident manager at security firm Sygnia. Why this matters: This case highlights the darker side of the ransomware negotiation industry, where trust is paramount and breaches can have severe consequences. The fact that Martino was able to collude with attackers and compromise the security of his clients raises questions about the vetting process and oversight of companies like DigitalMint.
For developers and businesses, this incident serves as a reminder to prioritize security and ensure that third-party services are thoroughly vetted. For consumers, it underscores the importance of being aware of the risks associated with ransomware attacks and taking proactive measures to protect themselves. As the threat of ransomware continues to evolve, it remains to be seen how the industry will adapt to prevent similar incidents in the future.
Source: Ars Technica