Angelo Martino, a former ransomware negotiator, has admitted to secretly working with the BlackCat ransomware group, pleading guilty to conspiracy charges. Martino, aged 41 and residing in Land O’Lakes, Florida, was involved in obstructing commerce through extortion by collaborating with cybercriminals. His actions included sharing sensitive information with BlackCat to enhance their extortion efforts and conspiring to deploy ransomware attacks across the United States.
Martino was employed by incident response firm Digital Mint and began his illicit activities in April 2023. He acted as a negotiator for five corporate victims of ransomware, during which he provided BlackCat with crucial details such as insurance policy limits and internal negotiation strategies. This information allowed the ransomware group to maximize their financial gains, for which Martino received compensation. Additionally, he conspired with Ryan Goldberg and Kevin Martin to execute ransomware attacks, effectively becoming a BlackCat affiliate.
The full extent of the attacks orchestrated by Martino and his co-conspirators remains unclear, but authorities have seized $10 million in assets from him. These assets include digital currency, vehicles, a food truck, and a luxury fishing boat. Court documents reveal that the group extorted significant sums from various victims, including a $16.5 million ransom from a hospitality firm, $25.7 million from a financial services firm, and $26.8 million from a non-profit organization.
The victims of these attacks spanned multiple industries, including retail, manufacturing, medical, engineering, and pharmaceuticals. Assistant Attorney General A. Tysen Duva highlighted the betrayal of trust by Martino, who was expected to help victims combat ransomware threats but instead facilitated attacks, harming both his clients and the cyber incident response industry.
Martino is scheduled for sentencing on July 9 and faces a maximum sentence of 20 years in prison. The BlackCat group, also known as ALPHV, was estimated to have extorted up to $300 million from hundreds of victims by late 2023. In December 2023, the group's leak site was seized, and a decryptor was released, potentially saving victims millions in ransom payments.
Source: https://www.infosecurity-magazine.com/news/former-ransomware-negotiator/