Cybersecurity Insider Betrays Employer to Aid Ransomware Attacks, DOJ Reveals
A former employee of Chicago-based cybersecurity firm DigitalMint has been exposed as a key conspirator in a ransomware scheme that targeted U.S. organizations between April and November 2023. According to the U.S. Department of Justice (DOJ), James Martino who was trusted to assist ransomware victims instead colluded with cybercriminals, sharing sensitive details such as insurance policy limits and negotiation strategies in exchange for a share of the profits.
Martino worked alongside Ryan Goldberg (a Georgia resident employed by cybersecurity firm Sygnia) and Kevin Martin (a Texas resident and fellow DigitalMint employee) to deploy BlackCat ransomware against multiple victims. In one case, the group extorted $1.2 million in Bitcoin from a victim, splitting and laundering the proceeds through various channels.
Authorities have since seized $10 million in assets linked to Martino, including digital currency, a food truck, and a luxury fishing boat. The DOJ emphasized that Martino’s actions not only harmed victims but also undermined the integrity of the cyber incident response industry.
Goldberg and Kevin Martin were indicted in November 2025, with Martino initially identified as an unnamed co-conspirator. The case highlights the risks posed by insider threats within cybersecurity firms, where trusted personnel may exploit their access to facilitate criminal activity.
Source: https://www.claimsjournal.com/news/national/2026/04/28/337189.htm
Sygnia cybersecurity rating report: https://www.rankiteo.com/company/sygnia
DigitalMint cybersecurity rating report: https://www.rankiteo.com/company/digital-mint-io
"id": "SYGDIG1777357524",
"linkid": "sygnia, digital-mint-io",
"type": "Ransomware",
"date": "4/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Cybersecurity',
'location': 'Chicago, USA',
'name': 'DigitalMint',
'type': 'Cybersecurity Firm'},
{'industry': 'Cybersecurity',
'location': 'Georgia, USA',
'name': 'Sygnia',
'type': 'Cybersecurity Firm'},
{'location': 'USA',
'name': 'Multiple U.S. Organizations',
'type': 'Victim Organizations'}],
'attack_vector': 'Insider Threat',
'data_breach': {'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Insurance policy limits',
'Negotiation strategies']},
'description': 'A former employee of Chicago-based cybersecurity firm '
'DigitalMint colluded with cybercriminals to deploy BlackCat '
'ransomware against U.S. organizations, sharing sensitive '
'details such as insurance policy limits and negotiation '
'strategies in exchange for a share of the profits. The group '
'extorted $1.2 million in Bitcoin from a victim, and '
'authorities seized $10 million in assets linked to the '
'conspirators.',
'impact': {'brand_reputation_impact': 'Undermined integrity of cyber incident '
'response industry',
'financial_loss': '$1.2 million (extorted), $10 million (seized '
'assets)'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Highlights risks posed by insider threats within '
'cybersecurity firms, where trusted personnel may exploit '
'their access to facilitate criminal activity.',
'motivation': 'Financial Gain',
'post_incident_analysis': {'root_causes': 'Insider threat exploiting access '
'to sensitive information'},
'ransomware': {'ransom_paid': '$1.2 million', 'ransomware_strain': 'BlackCat'},
'references': [{'source': 'U.S. Department of Justice (DOJ)'}],
'regulatory_compliance': {'legal_actions': 'Indictments (November 2025)'},
'response': {'law_enforcement_notified': 'Yes (DOJ)'},
'threat_actor': ['James Martino', 'Ryan Goldberg', 'Kevin Martin'],
'title': 'Cybersecurity Insider Betrays Employer to Aid Ransomware Attacks',
'type': 'Ransomware'}