A former incident response negotiator has been sentenced to 70 months in prison for secretly working with the BlackCat (ALPHV) ransomware gang while employed to help victims respond to its attacks. Angelo Martino, 41, previously worked for cybersecurity incident response firm DigitalMint and pleaded guilty to his role in the scheme.

Martino is the third former negotiator sentenced in the case. Kevin Tyler Martin, 28, and Ryan Clifford Goldberg, 33, both former employees of Sygnia and DigitalMint, pleaded guilty in December to conspiracy to obstruct commerce by extortion and were each sentenced to four years in prison in May. Martino was initially referred to only as “Co-Conspirator 1” in an October 2025 indictment before being named in court documents unsealed in March.

How the scheme worked

According to court filings, between April 2023 and April 2025 Martino and his co-conspirators operated as BlackCat affiliates while simultaneously working as trusted negotiators for ransomware victims. The three paid BlackCat administrators a 20 percent cut of ransom proceeds in exchange for access to the group’s ransomware and extortion portal.

Prosecutors said Martino went further than his accomplices in at least five cases, sharing confidential details about victims’ insurance policy limits and internal negotiation positions directly with BlackCat operators. That information let the attackers calibrate ransom demands to extract the maximum amount victims could pay.

Victims and losses

The group’s victims included at least five U.S. organizations, among them school districts, medical facilities, law firms, and financial services companies. Two payments stood out: a financial services firm paid $25,660,000 and a nonprofit paid $26,793,000 in ransom.

The FBI has linked BlackCat to more than 60 breaches between November 2021 and March 2022 alone, and estimated the group collected at least $300 million from more than 1,000 victims through September 2023 before the operation was disrupted.

Company response

DigitalMint CEO Jonathan Solomon said the firm condemned the conduct and terminated both Martin and Martino as soon as it learned of their actions, calling the behavior a violation of the company’s values, ethical standards, and the law.

The case underscores a growing concern for enterprises: the trusted incident response and negotiation firms brought in during a ransomware crisis can themselves become an insider threat vector, with access to sensitive financial and strategic data that attackers can exploit.