Listen to this Post
The U.S. Department of Justice has taken decisive action against another former DigitalMint employee for secretly aiding the BlackCat (ALPHV) ransomware operation while working as a ransomware negotiator. This case exposes the growing risk of insider threats within cybersecurity firms, showing that even trusted employees can exploit sensitive information for criminal gain.
Insider Threat Uncovered
Angelo Martino surrendered to U.S. Marshals on March 10, facing a single charge of conspiracy to interfere with interstate commerce by extortion. Court documents reveal that while employed at DigitalMint, a firm specializing in ransomware incident response, Martino shared confidential negotiation details with BlackCat operators.
Between April 2023 and April 2025, Martino allegedly collaborated with accomplices Kevin Tyler Martin (also a former DigitalMint employee) and Ryan Goldberg (ex-Sygnia incident response manager) to directly execute ransomware attacks. Martino was previously identified only as “Co-Conspirator 1” in an October 2025 indictment involving Martin and Goldberg, both of whom have pleaded guilty and are awaiting sentencing in April.
Ransomware Operations and Victims
The defendants acted as BlackCat affiliates, extorting victims and threatening data leaks if ransoms were not paid. Prosecutors allege that a 20% cut of collected ransoms went to BlackCat administrators for access to their ransomware and extortion portal. Victims included at least five U.S. organizations, such as a Tampa-based medical device manufacturer that paid $1.27 million. Other victims spanned medical facilities, law firms, school districts, and financial service providers.
DigitalMint CEO Jonathan Solomon condemned the former employees’ actions, emphasizing that both were terminated immediately and the company has fully cooperated with authorities. Solomon stated, “While no organization can completely eliminate insider risk, we take incidents like this extremely seriously and have strengthened safeguards and internal controls.”
BlackCat’s Notorious History
BlackCat ransomware has been linked by the FBI to over 60 breaches between November 2021 and March 2022. The group reportedly amassed at least $300 million in payments from more than 1,000 victims by September 2023. This case echoes past reports, such as ProPublica’s 2019 investigation, which found some U.S. data recovery firms secretly paying ransomware gangs while charging clients without disclosure.
What Undercode Say:
This case highlights a deeply troubling trend: the rise of insider-assisted ransomware. Martino’s actions demonstrate how insiders can bypass corporate safeguards, giving cybercriminals both operational intelligence and direct access to targets. The involvement of multiple employees from cybersecurity firms underscores that knowledge of ransomware negotiations can be weaponized, turning the very defenders into facilitators of extortion.
The financial scale is alarming. A single organization paid over $1 million, and with multiple targets, the cumulative cost to U.S. institutions is staggering. Beyond direct monetary losses, victims face reputational damage, regulatory scrutiny, and potential long-term exposure of sensitive data.
DigitalMint’s response—immediate termination, cooperation with law enforcement, and reinforcement of internal controls—is textbook crisis management. However, even robust security protocols may not fully prevent insider collusion, especially when employees possess both the technical knowledge and access privileges required to manipulate incidents.
This case also illustrates the blurred line between professional services and criminal facilitation. While ransomware negotiators are intended to mitigate extortion impacts, insider corruption turns their role into a channel for ransomware success. Organizations should consider enhanced monitoring, segregation of duties, and zero-trust access policies to reduce insider risk.
Furthermore, the persistence of groups like BlackCat, which reportedly took $300 million from over 1,000 victims, indicates that ransomware remains highly profitable. Despite law enforcement efforts, the model continues to attract affiliates who see it as a lucrative avenue, highlighting the need for global collaboration and proactive intelligence sharing.
From a cybersecurity perspective, this incident suggests that firms must evaluate not just external threats but also the potential for internal compromise. A combination of behavioral analytics, continuous monitoring, and strict vetting may become essential to prevent similar breaches in the future. The DigitalMint case could become a precedent, pushing the industry to rethink insider risk as a central component of cybersecurity strategy rather than an afterthought.
Fact Checker Results:
✅ DOJ confirmed Angelo Martino’s charge of conspiracy to interfere with interstate commerce by extortion.
✅ Multiple victims, including a Tampa-based medical device manufacturer, reportedly paid over $1 million in ransom.
❌ No evidence suggests DigitalMint is under investigation beyond cooperating with law enforcement.
Prediction
🚨 Insider-assisted ransomware attacks will likely increase as cybercriminals target employees with privileged access.
💰 High-value organizations, especially in healthcare and finance, remain prime targets for affiliate ransomware operations.
🔒 Companies may adopt stricter zero-trust and employee monitoring frameworks, making insider collusion harder but not impossible.
🕵️📝✔️Let’s dive deep and fact‑check.
References:
Reported By: www.bleepingcomputer.com
Extra Source Hub (Possible Sources for article):
https://www.quora.com
Wikipedia
OpenAi & Undercode AI
Image Source:
Unsplash
Undercode AI DI v2
Bing
🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]
📢 Follow UndercodeNews & Stay Tuned:
𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon
