• Home
  • cyber
  • DigitalMint and Sygnia Cybersecurity: Chicago cybersecurity firm employee brokered $75M in ransom after orchestrating hacks, feds say
cyber Ransomware

DigitalMint and Sygnia Cybersecurity: Chicago cybersecurity firm employee brokered $75M in ransom after orchestrating hacks, feds say

Mar 13, 2026 2 min read
DigitalMint and Sygnia Cybersecurity: Chicago cybersecurity firm employee brokered $75M in ransom after orchestrating hacks, feds say

Cybersecurity Insider Exposed as Ransomware Mastermind in $75M Extortion Scheme

Federal prosecutors have unmasked a shocking cybersecurity betrayal: Angelo Martino, a 41-year-old employee of Chicago-based DigitalMint, allegedly orchestrated the very ransomware attacks he was hired to negotiate. Martino and two accomplices Kevin Tyler Martin (also of DigitalMint) and Ryan Clifford Goldberg (an incident response manager at Sygnia Cybersecurity) are accused of extorting over $75 million from at least four companies and a nonprofit between 2023 and 2025.

The victims spanned hospitality, retail, medical, and financial services, with two ransoms exceeding $25 million each. Martino’s role as a ransom negotiator provided insider access, while Goldberg exploited network vulnerabilities and Kevin Martin executed the attacks, locking systems and exfiltrating data. The group used ALPHV BlackCat ransomware, a notorious strain linked to hundreds of global attacks, under an "affiliate" agreement that funneled a cut of profits back to its developers.

Authorities seized Martino’s Florida properties, vehicles, and $9 million in cryptocurrency. A plea hearing is scheduled for June 13, while Goldberg and Kevin Martin who pleaded guilty in December face sentencing on April 30. All three have been terminated from their employers.

DigitalMint’s CEO, Jonathan Solomon, confirmed the company was alerted by the Justice Department in April 2025 and fired Martino immediately. A review found no additional misconduct, and DigitalMint has since tightened internal controls. Meanwhile, cybersecurity firm TRM Labs reports a surge in ransomware attacks, attributing the rise to a growing pool of threat actors exploiting vulnerabilities for profit.

Source: https://chicago.suntimes.com/the-watchdogs/2026/03/13/chicago-digitalmint-hack-ransomware-crime-angelo-martino-marc-grens

Sygnia cybersecurity rating report: https://www.rankiteo.com/company/sygnia

DigitalMint cybersecurity rating report: https://www.rankiteo.com/company/digital-mint-io

"id": "SYGDIG1773455041",
"linkid": "sygnia, digital-mint-io",
"type": "Ransomware",
"date": "3/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': ['Hospitality',
                                     'Retail',
                                     'Medical',
                                     'Financial Services'],
                        'type': ['Hospitality',
                                 'Retail',
                                 'Medical',
                                 'Financial Services']},
                       {'industry': 'Nonprofit',
                        'name': 'Nonprofit (unspecified)',
                        'type': 'Nonprofit'}],
 'attack_vector': 'Insider access, exploitation of network vulnerabilities',
 'data_breach': {'data_encryption': True,
                 'data_exfiltration': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Sensitive business and customer '
                                             'data'},
 'date_detected': '2025-04',
 'description': 'Federal prosecutors unmasked Angelo Martino, a 41-year-old '
                'employee of Chicago-based DigitalMint, who allegedly '
                'orchestrated ransomware attacks he was hired to negotiate. '
                'Martino and two accomplices extorted over $75 million from at '
                'least four companies and a nonprofit between 2023 and 2025 '
                'using ALPHV BlackCat ransomware.',
 'impact': {'brand_reputation_impact': 'Likely severe for affected entities',
            'data_compromised': True,
            'financial_loss': '$75 million',
            'operational_impact': 'Significant disruption to victim operations',
            'systems_affected': 'Locked systems, data exfiltration'},
 'initial_access_broker': {'entry_point': "Insider access (Angelo Martino's "
                                          'role as ransom negotiator)'},
 'investigation_status': 'Ongoing (plea hearing scheduled for June 13, '
                         'sentencing for April 30)',
 'motivation': 'Financial gain',
 'post_incident_analysis': {'corrective_actions': 'DigitalMint tightened '
                                                  'internal controls',
                            'root_causes': 'Insider threat, exploitation of '
                                           'trusted access, lack of internal '
                                           'controls'},
 'ransomware': {'data_encryption': True,
                'data_exfiltration': True,
                'ransom_demanded': ['Over $25 million (two cases)'],
                'ransomware_strain': 'ALPHV BlackCat'},
 'references': [{'source': 'Federal prosecutors'}, {'source': 'TRM Labs'}],
 'regulatory_compliance': {'legal_actions': 'Federal prosecution'},
 'response': {'law_enforcement_notified': True},
 'threat_actor': ['Angelo Martino',
                  'Kevin Tyler Martin',
                  'Ryan Clifford Goldberg'],
 'title': 'Cybersecurity Insider Exposed as Ransomware Mastermind in $75M '
          'Extortion Scheme',
 'type': 'Ransomware'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.