Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Linux Kernel FUSE Vulnerability (CVE-2023-XXXX) Lets Attackers Gain Root Privileges
July 10, 2026
Critical GNU Guix Vulnerabilities Let Attackers Elevate Privileges
July 10, 2026
Critical Windows Shortcut Vulnerability Allows Remote Code Execution
July 10, 2026
Home/CyberSecurity News/Ransomware Negotiator Jailed for Aiding BlackCat Attacks
CyberSecurity News

Ransomware Negotiator Jailed for Aiding BlackCat Attacks

Key Takeaways A former ransomware negotiator was sentenced to 70 months in federal prison for colluding with the BlackCat/ALPHV ransomware group. Angelo Martino, employed by a U.S. incident response...

Marcus Rodriguez
Marcus Rodriguez
July 10, 2026 3 Min Read
4 0

Key Takeaways

  • A former ransomware negotiator was sentenced to 70 months in federal prison for colluding with the BlackCat/ALPHV ransomware group.
  • Angelo Martino, employed by a U.S. incident response firm, leveraged confidential client information to aid attackers.
  • Martino, along with two co-conspirators, deployed BlackCat ransomware against U.S. organizations, extorting one victim for approximately $1 million in Bitcoin.
  • The case underscores the significant insider threat potential within cyber incident response operations.

A former ransomware negotiator from Florida has received a 70-month federal prison sentence for his involvement in a scheme that saw him conspire with the notorious BlackCat/ALPHV ransomware collective to compromise and extort multiple U.S. entities.

Table Of Content

  • Key Takeaways
  • Insider Threat Exposes Vulnerabilities in Incident Response
  • What You Should Do

Angelo Martino, residing in Land O’Lakes, Florida, was formerly employed by a U.S.-based cyber incident response company. His professional duties included assisting organizations in recovering from ransomware attacks and engaging with threat actors on their behalf.

However, prosecutors revealed that Martino exploited his privileged access to sensitive client data, using it to assist the very cybercriminals who were targeting these victims.

According to the U.S. Department of Justice, Martino initiated his collaboration with BlackCat operatives in April. He allegedly provided the ransomware group with critical intelligence regarding victims’ negotiation tactics, financial standing, and planned responses to ransom demands.

Insider Threat Exposes Vulnerabilities in Incident Response

This confidential information significantly bolstered the attackers’ leverage, enabling them to exert greater pressure on victims and demand higher ransom payments. The BlackCat ransomware operation, also known by its ALPHV moniker, functioned as a ransomware-as-a-service (RaaS) platform.

Under this model, the group’s developers supplied the necessary malware and infrastructure to affiliates, who were then responsible for executing network intrusions, exfiltrating data, encrypting systems, and demanding cryptocurrency payments.

BlackCat quickly rose to prominence as one of the most destructive ransomware operations globally. Martino’s conspiracy extended to include Kevin Martin of Texas and Ryan Goldberg of Georgia, both of whom were also former cybersecurity professionals.

Between April and November, the trio actively deployed BlackCat ransomware against additional U.S. organizations. Prosecutors stated that they successfully extorted one victim for an estimated $1 million in Bitcoin.

The conspirators divided their share of the ransom payment into three portions and employed various methods to launder the cryptocurrency proceeds.

Martino entered a guilty plea in April to one count of conspiracy to interfere with interstate commerce through extortion. Martin and Goldberg had previously been sentenced to prison terms in May.

Law enforcement agencies have successfully seized over $1 million in assets linked to Martino, including digital currency, vehicles, a food truck, and a luxury fishing boat. Authorities confirmed that these assets were acquired through the proceeds of the extortion scheme. A restitution hearing for Martino is scheduled for September.

This case starkly illustrates the insider threat that can materialize within ransomware response efforts. Incident response providers are often entrusted with highly sensitive information, such as assessments of a victim’s ability to pay a ransom, insurance details, recovery strategies, internal communications, and negotiation limits.

The unauthorized disclosure of such information can directly enhance an attacker’s capacity to extort a victim. The investigation was spearheaded by the FBI Miami Field Office, with crucial support from the U.S. Secret Service.

This prosecution forms part of Operation Riptide, an FBI initiative targeting cybercrime actors, their infrastructure, financial networks, and fraudulent operations. The Justice Department had previously disrupted BlackCat’s infrastructure in December. During that operation, the FBI developed a decryption tool that aided hundreds of victims in restoring their encrypted systems and reportedly prevented approximately $68 million in potential ransom payments.

What You Should Do

  • Implement Robust Insider Threat Programs: Establish comprehensive programs to monitor employee behavior, particularly those with access to sensitive client data or critical systems.
  • Strengthen Vendor Due Diligence: Thoroughly vet all third-party incident response providers, including background checks on key personnel and regular security audits of their practices.
  • Enforce Strict Access Controls: Implement the principle of least privilege for all employees, ensuring access to sensitive information is granted only on a need-to-know basis.
  • Encrypt and Segment Sensitive Data: Encrypt confidential client information at rest and in transit, and segment networks to limit lateral movement in case of a breach.
  • Conduct Regular Security Awareness Training: Educate employees on the risks of insider threats, social engineering, and the importance of data confidentiality.
  • Monitor for Anomalous Activity: Deploy security information and event management (SIEM) systems to detect unusual access patterns or data exfiltration attempts.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCybersecurityMalwareransomwareSecurityThreat

Share Article

Marcus Rodriguez

Marcus Rodriguez

Marcus is a security researcher and investigative journalist with expertise in vulnerability research, bug bounties, and cloud security. Since 2017, Marcus has been breaking stories on critical vulnerabilities affecting major platforms. His investigative work has led to the disclosure of numerous security flaws and improved defenses across the industry. Marcus is an active participant in bug bounty programs and has been recognized for responsible disclosure practices. He holds multiple security certifications and regularly speaks at industry events.

Previous Post

GigaWiper Malware Wipes Windows Systems, Displays Fake Ransomware Notes

Next Post

Dormant GitHub Accounts Hijacked for Corporate Source Code Reconnaissance

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
New Windows Process Injection Technique Evades 4 EDR Solutions
July 10, 2026
Xalgorix AI Tool Vulnerability Exposes Sensitive Data
July 10, 2026
Odyssey Stealer Targets macOS Users and 300 Crypto Wallet Extensions Globally
July 10, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us