Betrayal From Within: Former DigitalMint Ransomware Negotiator Sentenced to Nearly Six Years After Secretly Helping BlackCat Extort Millions + Video

Listen to this Post

Featured ImageIntroduction: When the Trusted Defender Becomes the Greatest Threat

Cybersecurity is built on one essential foundation: trust. Organizations under ransomware attack often find themselves in desperate situations, relying on incident responders and ransomware negotiators to protect their businesses, employees, and customers during their darkest hours. However, one of the industry’s most shocking insider betrayals has revealed that sometimes the greatest danger isn’t the hacker outside the network—it is the trusted expert sitting at the negotiation table.

The U.S. Department of Justice has sentenced former DigitalMint ransomware negotiator Angelo John Martino III to 70 months in federal prison after uncovering a sophisticated conspiracy in which he secretly collaborated with the notorious BlackCat (ALPHV) ransomware gang. Rather than protecting victims, Martino exploited confidential information to maximize ransom payments, enriching himself while devastating the very organizations that hired him for help.

A Trusted Cybersecurity Professional Turned Criminal

According to federal prosecutors, 41-year-old Angelo John Martino III abused his position as a ransomware negotiator at DigitalMint to secretly assist BlackCat ransomware affiliates.

His role gave him access to highly confidential information, including:

Victims’ financial situations

Insurance policy limits

Internal negotiation strategies

Maximum authorized ransom payments

Instead of using this information to reduce ransom demands, Martino allegedly shared everything directly with BlackCat affiliates.

This allowed the ransomware operators to demand significantly larger payments while knowing exactly how far victims could negotiate.

The result was one of the most disturbing insider cybercrime cases ever prosecuted.

Millions of Dollars Lost Across Multiple Victims

Between April and September 2023, five organizations hired DigitalMint to negotiate on their behalf after suffering ransomware attacks.

Federal investigators say those organizations eventually paid enormous ransoms, including:

A nonprofit organization that paid approximately $26.8 million

A financial services company that paid nearly $25.7 million

A hospitality company that paid almost $16.5 million

Two additional organizations paying millions more

Combined, prosecutors estimate the conspiracy attempted to extort approximately $75.3 million.

Martino was effectively negotiating against his own clients while secretly advising the criminals during private conversations.

Playing Both Sides of the Negotiation

Court documents describe Martino as functioning like a “double agent.”

On one side, he appeared to represent victim organizations through official DigitalMint communication channels.

Behind the scenes, however, he maintained unauthorized communications with BlackCat affiliates.

Federal investigators uncovered messages where Martino revealed:

Insurance approval limits

Victim negotiation tactics

Financial pressure faced by victims

Expected payment ceilings

In one conversation, Martino reportedly informed a BlackCat affiliate that the victim’s insurance provider was approving only limited payments before telling the criminals to reject offers until he discovered the victim’s maximum payment amount.

Such information dramatically strengthened the

Hospitality Company Paid Over $16 Million

One particularly revealing negotiation demonstrated how deeply Martino manipulated both sides.

Publicly, he pleaded with attackers by explaining the victim company faced severe operational losses and financial hardship.

He offered $1 million as a serious proposal.

Privately, prosecutors say he had already informed the ransomware gang about the company’s actual payment capabilities.

The attackers responded confidently that they already knew how much the company could pay and threatened lawsuits, penalties, and public data leaks.

Eventually, the victim paid approximately $16.5 million to recover encrypted systems and prevent stolen information from being published.

Conspiracy Extended Beyond One Insider

Martino did not allegedly operate alone.

Federal prosecutors stated he worked alongside:

Former DigitalMint negotiator Kevin Tyler Martin

Former Sygnia incident response manager Ryan Clifford Goldberg

Together they reportedly helped deploy BlackCat ransomware against several additional American companies.

One medical company paid roughly $1.3 million, which investigators say the three conspirators divided among themselves.

Goldberg and Martin previously pleaded guilty and each received four-year prison sentences.

DigitalMint Says It Was Also Deceived

DigitalMint maintains that it had absolutely no knowledge of Martino’s criminal activity.

Company officials stated that his actions deliberately violated internal policies, ethical standards, and legal obligations.

According to the company, Martino concealed his communications using unauthorized private channels accessible only to himself and BlackCat members.

DigitalMint also confirmed that once the Department of Justice notified the company of its investigation in April 2025, Martino was immediately terminated and all system access was revoked.

The company has declined to discuss whether affected clients received financial refunds, citing confidentiality obligations.

Authorities Seize Millions in Criminal Assets

Law enforcement moved quickly to recover proceeds linked to the conspiracy.

Authorities seized approximately $10 million in assets connected to Martino, including:

A waterfront luxury home valued at roughly $1.68 million

A second residential property worth nearly $396,000

Cryptocurrency wallets

Multiple vehicles

A food truck

A 29-foot luxury fishing boat

These assets allegedly originated from ransomware proceeds.

Justice Department Condemns the Betrayal

Assistant Attorney General A. Tysen Duva described the case as one of extraordinary betrayal.

Officials emphasized that organizations sought professional help during devastating cyberattacks only to discover the individual representing them was secretly enriching ransomware operators.

The Department of Justice argued the sentence reflects both the enormous financial harm and the violation of professional trust.

The FBI echoed these concerns, saying Martino handed confidential negotiation strategies directly to cybercriminals, allowing BlackCat to demand larger ransom payments.

Federal prosecutors characterized the crime as neither accidental nor impulsive, but instead a carefully planned scheme driven entirely by greed.

The Rise and Fall of BlackCat (ALPHV)

BlackCat, also known as ALPHV, emerged in late 2021 and rapidly became one of the world’s most dangerous ransomware operations.

The group targeted:

Hospitals

Critical infrastructure

Financial institutions

Manufacturing companies

Hospitality providers

Government contractors

In December 2023, the U.S. Department of Justice and FBI disrupted portions of BlackCat’s infrastructure, seized several affiliate-controlled websites, and released a decryption tool that reportedly helped hundreds of victims recover encrypted files without paying ransoms.

Authorities estimated those efforts prevented approximately $99 million in additional ransom payments.

Martino is scheduled to return to court to determine restitution owed to victims harmed by his crimes.

Deep Analysis

Command 1: The Greatest Cybersecurity Risk Is Sometimes Internal

Organizations frequently invest millions defending against external attackers while overlooking insider threats. This case demonstrates that privileged employees with sensitive access can inflict damage exceeding that of many outside hackers.

Command 2: Trust Alone Is Not a Security Control

Negotiators possess enormous influence during ransomware incidents. Independent oversight, activity logging, separation of duties, and continuous auditing should become mandatory for high-risk negotiation roles.

Command 3: Cyber Insurance Can Become Intelligence for Criminals

Insurance policy limits effectively became pricing guides for ransomware operators. Companies should carefully restrict access to insurance information during negotiations and minimize unnecessary disclosure.

Command 4: Ransom Negotiation Requires Greater Transparency

Backchannel communications remain one of the least regulated aspects of ransomware response. Independent monitoring and documented communication channels could significantly reduce opportunities for insider abuse.

Command 5: Background Checks Are Not Enough

DigitalMint stated that Martino passed industry-standard screening. This illustrates that background investigations alone cannot detect future criminal intent. Continuous monitoring is becoming increasingly important.

Command 6: Insider Threat Programs Need Modernization

Behavioral analytics, privileged access monitoring, and communication auditing are rapidly becoming essential cybersecurity investments.

Command 7: Cybersecurity Professionals Carry Extraordinary Responsibility

Clients entrust incident responders with their survival during cyber crises. Ethical violations in these positions damage confidence across the entire cybersecurity industry.

Command 8: Law Enforcement Is Following the Money

The seizure of homes, cryptocurrency, luxury vehicles, and recreational assets shows authorities increasingly prioritize financial investigations alongside digital forensics.

Command 9: Ransomware Ecosystems Continue to Evolve

Modern ransomware operations increasingly rely on insiders, brokers, initial access specialists, negotiators, and affiliates. The ecosystem has grown far beyond traditional hacking groups.

Command 10: This Case Will Influence Industry Standards

Expect greater regulatory attention on ransomware negotiation practices, stronger oversight requirements, and tighter controls surrounding third-party incident response providers.

What Undercode Say:

This case represents one of the most damaging examples of insider betrayal the cybersecurity industry has witnessed in recent years.

The story is not simply about ransomware—it is about trust collapsing from within.

Organizations hire negotiators because they lack expertise during a crisis.

Those negotiators become temporary guardians of extremely sensitive information.

When that trust is weaponized, every security process begins to fail.

Martino allegedly transformed confidential business intelligence into an offensive weapon.

Instead of lowering ransom demands, he allegedly increased attackers’ leverage.

That changes the

Cybersecurity vendors must now prove not only technical competence but ethical accountability.

Future contracts will likely include stricter auditing provisions.

Negotiation sessions may become fully monitored.

Communication logging could become mandatory.

Independent approval processes may emerge.

Insurance companies may revise how negotiators receive financial information.

Incident response teams could require dual-authority models.

Organizations will also rethink privileged access.

Zero Trust principles may extend beyond IT infrastructure into human decision-making.

This case reinforces that insider risk is not hypothetical.

It is measurable.

It is profitable for criminals.

It is difficult to detect.

The Department of

Cybersecurity professionals are not above the law.

Professional credentials do not provide immunity.

The financial asset seizures demonstrate that cybercrime rarely remains hidden forever.

For ransomware gangs, insider recruitment remains attractive.

For defenders, verification must become continuous.

Ethics training alone will never replace oversight.

Technical controls must support human trust.

Ultimately, this case may reshape ransomware response procedures across the cybersecurity industry.

The long-term impact could extend far beyond one criminal conviction.

It may permanently change how organizations choose, supervise, and audit those trusted to negotiate during cyber extortion incidents.

✅ Fact 1: Martino was sentenced to 70 months in federal prison.

Confirmed. U.S. prosecutors announced the prison sentence following his guilty plea for conspiracy involving ransomware-related extortion activities.

✅ Fact 2: He secretly collaborated with BlackCat (ALPHV) affiliates while working as a ransomware negotiator.

Confirmed. Court records describe how he shared confidential client information with ransomware operators to maximize ransom demands.

✅ Fact 3: Authorities seized approximately $10 million in assets connected to the scheme.

Confirmed. The seized assets included luxury homes, cryptocurrency, vehicles, and other property believed to have been purchased using proceeds from the criminal conspiracy.

Prediction

(+1) Positive Prediction

The cybersecurity industry will likely implement stronger oversight for ransomware negotiators, including mandatory communication logging, independent review processes, enhanced insider threat monitoring, and stricter compliance standards. These reforms should significantly reduce opportunities for similar insider conspiracies and strengthen trust between incident response firms and their clients.

(-1) Negative Prediction

Ransomware groups may increasingly attempt to recruit insiders within cybersecurity firms, cyber insurance providers, and incident response organizations. As criminal operations become more sophisticated, defenders will face growing challenges in detecting trusted professionals who secretly assist attackers from within.

▶️ Related Video (72% Match):

https://www.youtube.com/watch?v=2QPom-knljY

🕵️‍📝Let’s dive deep and fact‑check.

🎓 Live Courses & Certifications:

Join Undercode Academy for Verified Certifications

🚀 Request a Custom Project:

Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands

References:

Reported By: cyberscoop.com
Extra Source Hub (Possible Sources for article):
https://www.twitter.com
Wikipedia
OpenAi & Undercode AI

Image Source:

Unsplash
Undercode AI DI v2

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeNews & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon | 📺Youtube