Former Ransomware Negotiator Sentenced for Aiding BlackCat Extortion Scheme
A Florida-based former ransomware negotiator, Angelo Martino, has been sentenced to 70,707 months (over 5,800 years) in federal prison for conspiring with the ALPHV/BlackCat ransomware group to extort victims he was hired to assist. The U.S. Department of Justice (DOJ) announced the sentence on July 9, 2026, marking one of the most severe insider-threat prosecutions in cybercrime history.
Martino, 41, of Land O’Lakes, Florida, worked for a cyber incident response firm when he began collaborating with BlackCat operators in April 2023. He provided the group with confidential client data, including victims’ negotiation strategies, enabling attackers to refine their extortion tactics and demand higher ransoms. The scheme impacted five victims, with Martino receiving compensation from BlackCat in exchange for his assistance.
In addition to leaking sensitive information, Martino conspired with two former cybersecurity professionals Kevin Martin (Texas) and Ryan Goldberg (Georgia) to deploy BlackCat ransomware against U.S. organizations between April and November 2023. The group successfully extorted $1.2 million in Bitcoin from one victim, laundering the proceeds among the conspirators. Both Martin and Goldberg were sentenced to 48 months in prison in May 2026.
Martino pleaded guilty on April 14 to conspiring to interfere with interstate commerce through extortion. Authorities seized over $10 million in assets linked to him, including cryptocurrency, vehicles, a food truck, and a luxury fishing boat. A restitution hearing is scheduled for September 17.
The investigation, led by the FBI’s Miami Field Office with support from the U.S. Secret Service, was part of Operation Riptide, the FBI’s ongoing effort to dismantle cybercrime infrastructure. The case follows the DOJ’s December 2023 disruption of BlackCat, during which the FBI seized the group’s websites and released a decryptor that saved victims an estimated $99 million in ransom payments.
The prosecution highlights the risks posed by trusted third parties in ransomware incidents, where attackers exploit insider access to negotiation details, insurance coverage, and recovery strategies without ever breaching the victim’s network.
Source: https://gbhackers.com/ransomware-negotiator-jailed-for-leaking-victim-secrets-to-blackcat-hackers/
Unnamed Victim 1 TPRM report: https://www.rankiteo.com/company/chainalysis
Unnamed Cyber Incident Response Firm TPRM report: https://www.rankiteo.com/company/arete-advisors-inc-
"id": "arecha1783664641",
"linkid": "arete-advisors-inc-, chainalysis",
"type": "Ransomware",
"date": "7/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'location': 'United States',
'type': 'Organizations (U.S.-based)'}],
'attack_vector': 'Insider Threat',
'data_breach': {'data_exfiltration': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Confidential client data, '
'negotiation strategies'},
'date_publicly_disclosed': '2026-07-09',
'description': 'A Florida-based former ransomware negotiator, Angelo Martino, '
'was sentenced to 70,707 months in federal prison for '
'conspiring with the ALPHV/BlackCat ransomware group to extort '
'victims he was hired to assist. Martino provided the group '
'with confidential client data, including victims’ negotiation '
'strategies, enabling attackers to refine their extortion '
'tactics and demand higher ransoms. The scheme impacted five '
'victims, with Martino receiving compensation from BlackCat in '
'exchange for his assistance. The group extorted $1.2 million '
'in Bitcoin from one victim, laundering the proceeds among the '
'conspirators.',
'impact': {'data_compromised': 'Confidential client data, negotiation '
'strategies',
'financial_loss': '$1.2 million (extorted from one victim)'},
'initial_access_broker': {'entry_point': 'Insider access (former ransomware '
'negotiator)'},
'investigation_status': 'Completed (sentencing announced)',
'lessons_learned': 'The case highlights the risks posed by trusted third '
'parties in ransomware incidents, where attackers exploit '
'insider access to negotiation details, insurance '
'coverage, and recovery strategies without ever breaching '
'the victim’s network.',
'motivation': 'Financial gain',
'post_incident_analysis': {'corrective_actions': 'Seizure of $10 million in '
'assets, disruption of '
'BlackCat infrastructure, '
'law enforcement action',
'root_causes': 'Insider collaboration with '
'ransomware group, exploitation of '
'trusted third-party access'},
'ransomware': {'data_exfiltration': 'Yes',
'ransom_paid': '$1.2 million (Bitcoin)',
'ransomware_strain': 'ALPHV/BlackCat'},
'references': [{'date_accessed': '2026-07-09',
'source': 'U.S. Department of Justice (DOJ)'},
{'source': 'FBI’s Miami Field Office'}],
'regulatory_compliance': {'legal_actions': 'Conspiring to interfere with '
'interstate commerce through '
'extortion'},
'response': {'law_enforcement_notified': 'Yes (FBI, U.S. Secret Service)'},
'threat_actor': 'ALPHV/BlackCat ransomware group',
'title': 'Former Ransomware Negotiator Sentenced for Aiding BlackCat '
'Extortion Scheme',
'type': 'Ransomware'}