He helped accomplices extract a combined $75.3 million in ransoms — even as he was officially negotiating on behalf of five of those same victims, prosecutors say.
The scheme and the guilty plea
Angelo John Martino III, a South Florida resident and former ransomware negotiator for DigitalMint, pleaded guilty in April 2026 to conspiracy to obstruct, delay or affect commerce or the movement of any article or commodity in commerce by extortion, the Justice Department said. Martino admitted he conspired with multiple ransomware affiliates to attack and extort payments from U.S. companies he represented in 2023. He faces up to 20 years in federal prison and is scheduled for sentencing on July 9.
How Martino allegedly exploited his role at DigitalMint
Five U.S.-based victims — a nonprofit and companies in the hospitality, financial services, retail and medical industries — hired DigitalMint and were assigned Martino as their negotiator. Prosecutors say Martino used access to confidential negotiating positions and insurance-policy limits he obtained in that role to steer maximum ransom payments to himself and BlackCat affiliates. DigitalMint is not accused of knowledge or involvement; the company fired Martino the day after the Department of Justice informed it of the investigation in April 2025.
Negotiation chats the government released
Martino’s plea agreement includes a series of chats prosecutors say show how he betrayed both clients and employer. In one exchange during an incident response, Martino told a BlackCat affiliate that the company’s insurance carrier “was only approving small accounts,” and added, “Keep denying our offers and I will let you know once I find out the max the[y] want to pay.”
In a negotiation chat visible to DigitalMint and the hospitality-industry victim, Martino — posing as the victim’s negotiator — wrote, “We don’t know how you came up with your demand but we are losing money operationally and all of our loans are going to turnover on us this year at double the interest rates … We are able to give you $1 million now, which is a very serious offer.” Following his instructions, the BlackCat accomplice replied: “Well, you can keep that for the penalties and lawsuits which are coming your way in case we expose you. Time is ticking — we know how much you can pay. Contact your insurance. We know about them also. Stop wasting time.”
According to prosecutors, that hospitality victim ultimately paid a ransom worth nearly $16.5 million at the time in exchange for a decryptor and a promise not to publish stolen data. Two other victims Martino represented while at DigitalMint paid ransoms of $6.1 million and $213,000 for similar commitments. Authorities say Martino received a portion of these payments.
Financial proceeds seized and related enforcement actions
Law enforcement has seized $10 million in assets and cryptocurrency wallets controlled by Martino. Officials also seized multiple vehicles, a food truck, a 29-foot luxury fishing boat and two properties in Nokomis, Florida — a bayfront home with an estimated value of $1.68 million and a single-family home estimated at $396,000. Martino surrendered in March to U.S. Marshals in Miami and was released on a $500,000 bond.
“Angelo Martino’s clients trusted him to respond to ransomware threats and help thwart and remedy them on behalf of victims,” A. Tysen Duva, assistant attorney general at the Justice Department’s Criminal Division, said in a statement. “Instead, he betrayed them and began launching ransomware attacks himself by assisting cybercriminals and harming victims, his own employer, and the cyber incident response industry itself.” FBI assistant director Brett Leatherman added: “That includes apprehending key facilitators like Angelo Martino, who abused the trust placed in him as a private sector negotiator by collaborating with ransomware criminals.”
How victims, incident responders, and insurers are implicated
- Victims: The five companies that hired DigitalMint all paid ransoms; prosecutors say one nonprofit paid nearly $26.8 million and one financial services company paid nearly $25.7 million. Those payments underscore the direct, costly harm alleged in the scheme.
- Incident response firms and negotiators: Officials described this case as an “extreme, albeit rare” example of how backchannel or private negotiations can go wrong. DigitalMint dismissed Martino after learning of the investigation, and two other former DigitalMint employees who pleaded guilty — Kevin Tyler Martin and Ryan Clifford Goldberg — are linked by prosecutors to related attacks and are scheduled for sentencing April 30.
- Insurers: Insurance policy limits were central to the tactics prosecutors say Martino relayed to his co-conspirators. In chat excerpts, Martino urged victims to contact insurers while telling affiliates how much those insurers would approve.
The plea agreement and the chat transcripts leaked by prosecutors make clear that the alleged betrayals occurred through operational details — insurance limits, negotiating posture and timing — that a negotiator would ordinarily know. ALPHV/BlackCat, the ransomware strain cited in the case, is described in the record as a group linked to multiple attacks, including a February 2024 strike on a UnitedHealth Group subsidiary that paid $22 million and affected data on about 190 million people.
Martino’s conviction closes one chapter in a high-dollar extortion case but raises concrete, immediate questions: how private negotiations are monitored, how incident responders are vetted, and what practices will arise to reduce the risk that those hired to help victims instead enable attackers. Martino’s sentencing is scheduled for July 9; his alleged co-conspirators face sentencing on April 30.
