Former DigitalMint Employee Charged in BlackCat Ransomware Insider Scheme
The U.S. Department of Justice has charged Angelo Martino, a former ransomware negotiator for cybersecurity firm DigitalMint, with conspiracy to interfere with interstate commerce by extortion. Martino surrendered to authorities on March 10 after being implicated in an insider scheme involving the BlackCat (ALPHV) ransomware operation.
Court documents reveal that Martino, while employed at DigitalMint, shared confidential negotiation details with BlackCat operators between April 2023 and April 2025. He acted alongside two accomplices Kevin Tyler Martin (another ex-DigitalMint employee) and Ryan Goldberg (a former Sygnia incident response manager) who were previously charged in an October 2025 indictment. Both Martin and Goldberg have pleaded guilty and await sentencing in April.
The defendants allegedly operated as BlackCat affiliates, extorting victims by threatening to leak stolen data. Prosecutors claim they paid BlackCat administrators a 20% cut of collected ransoms in exchange for access to the ransomware and extortion portal. At least five U.S. organizations were targeted, including a Tampa-based medical device manufacturer that paid a $1.27 million ransom. Other victims spanned healthcare, legal, education, and financial sectors.
DigitalMint CEO Jonathan Solomon condemned the actions, stating the company terminated both Martino and Martin upon discovering their misconduct and fully cooperated with law enforcement. The company has since strengthened internal controls to mitigate insider risks.
BlackCat has been a prolific ransomware threat, linked to over 60 breaches between November 2021 and March 2022 and amassing at least $300 million from 1,000+ victims by September 2023. The case follows earlier reports of data recovery firms secretly paying ransoms on behalf of clients while charging for restoration services.
DigitalMint cybersecurity rating report: https://www.rankiteo.com/company/digital-mint-io
"id": "DIG1773318256",
"linkid": "digital-mint-io",
"type": "Breach",
"date": "4/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Healthcare/Manufacturing',
'location': 'Tampa, U.S.',
'name': 'Tampa-based medical device manufacturer',
'type': 'Business'},
{'industry': 'Healthcare',
'location': 'U.S.',
'type': 'Business'},
{'industry': 'Legal',
'location': 'U.S.',
'type': 'Business'},
{'industry': 'Education',
'location': 'U.S.',
'type': 'Business'},
{'industry': 'Financial',
'location': 'U.S.',
'type': 'Business'},
{'industry': 'Cybersecurity',
'location': 'U.S.',
'name': 'DigitalMint',
'type': 'Business'}],
'attack_vector': 'Insider threat, extortion',
'data_breach': {'data_exfiltration': 'Yes',
'sensitivity_of_data': 'High (potentially sensitive business '
'and customer data)',
'type_of_data_compromised': 'Stolen data (threatened to be '
'leaked)'},
'date_publicly_disclosed': '2025-03-10',
'description': 'The U.S. Department of Justice has charged Angelo Martino, a '
'former ransomware negotiator for cybersecurity firm '
'DigitalMint, with conspiracy to interfere with interstate '
'commerce by extortion. Martino, along with two accomplices, '
'shared confidential negotiation details with BlackCat (ALPHV) '
'ransomware operators while employed at DigitalMint, '
'facilitating ransomware attacks on at least five U.S. '
'organizations.',
'impact': {'brand_reputation_impact': "DigitalMint's reputation affected due "
'to insider involvement',
'data_compromised': 'Stolen data threatened to be leaked',
'financial_loss': '$1.27 million (one victim alone)',
'legal_liabilities': 'Conspiracy charges, potential fines'},
'initial_access_broker': {'entry_point': 'Insider access (former employees)'},
'investigation_status': 'Ongoing (two accomplices pleaded guilty, Martino '
'surrendered)',
'lessons_learned': 'Insider threats pose significant risks; need for stronger '
'internal controls and monitoring of employee activities.',
'motivation': 'Financial gain, extortion',
'post_incident_analysis': {'corrective_actions': 'Termination of involved '
'employees, strengthened '
'internal controls',
'root_causes': 'Insider collusion with ransomware '
'operators, exploitation of '
'confidential negotiation details'},
'ransomware': {'data_exfiltration': 'Yes',
'ransom_paid': '$1.27 million (one victim)',
'ransomware_strain': 'BlackCat (ALPHV)'},
'recommendations': 'Implement stricter access controls, conduct regular '
'audits, enhance employee monitoring, and foster a culture '
'of transparency and accountability.',
'references': [{'source': 'U.S. Department of Justice'}],
'regulatory_compliance': {'legal_actions': 'Conspiracy to interfere with '
'interstate commerce by extortion'},
'response': {'communication_strategy': 'Public condemnation by DigitalMint '
'CEO',
'containment_measures': 'Termination of involved employees, '
'strengthened internal controls',
'law_enforcement_notified': 'Yes (U.S. Department of Justice, '
'FBI)'},
'threat_actor': 'BlackCat (ALPHV) ransomware group, Angelo Martino, Kevin '
'Tyler Martin, Ryan Goldberg',
'title': 'Former DigitalMint Employee Charged in BlackCat Ransomware Insider '
'Scheme',
'type': 'Ransomware'}