Security/ ransomware · security · fraud · cybercrime

Ransomware Negotiator Took Kickbacks While Cutting Deals for Victims

Angelo Martino, a negotiator hired to lower ransom payments, fed confidential client data to BlackCat affiliates and pocketed a cut of the inflated ransoms.

A man paid to reduce ransomware damages was secretly helping attackers squeeze more money out of his own clients.

Angelo Martino, 41, of Florida, worked as a ransomware negotiator for DigitalMint, a firm that companies hire to handle extortion demands after a breach. Instead of minimizing payouts, Martino shared confidential negotiation details with BlackCat ransomware affiliates, allowing them to push for higher ransoms. Five victims paid more than $75 million in total to those affiliates — a figure inflated, at least in part, by Martino's tips. He pleaded guilty and was sentenced to 70 months in prison, well above the 24-month term he requested after arguing he helped prosecutors build cases against two co-defendants.

The case exposes a structural weakness in the ransomware response industry: victims under pressure outsource trust to third parties whose incentives are, in theory, aligned but almost impossible to verify in real time. Martino's co-defendants include a second DigitalMint negotiator and an incident manager at security firm Sygnia, which suggests the problem was not a lone rogue employee but a coordinated scheme spanning multiple firms.

The ransomware negotiation market has grown quietly alongside the ransomware epidemic itself, with little formal oversight or licensing. If insiders at two separate firms colluded simultaneously, the obvious question is how many other engagements, at how many other firms, were similarly compromised.

TR

The Revision

Written by an AI system from the public sources credited above. How we write →