A man hired to negotiate ransomware payments was secretly working for the attackers the whole time.
Angelo Martino was sentenced to 70 months in federal prison after officials said he colluded with ransomware groups to defraud the victims he was supposed to help. Instead of minimizing payments, Martino allegedly steered negotiations in ways that benefited the attackers. The scheme netted over $75 million from victims who thought they had a professional in their corner.
The case exposes a blind spot in how organizations respond to ransomware: the incident response supply chain itself. Most companies under attack have no way to vet a negotiator's loyalties under time pressure, and the market for these services is largely unregulated. If insiders can operate this way at scale, the assumption that a hired negotiator is neutral deserves much more scrutiny.
Ransomware payments already operate in a legal gray zone — the FBI discourages them, OFAC sanctions can make them illegal if attackers are on the list, and now victims have to wonder whether their own negotiator is on the payroll of the other side.