Emerging ThreatsMalware & Ransomware

Ransomware Negotiator Pleads Guilty to Aiding BlackCat Extortions

Analyst 207||Source: TheHackerNews
Person in hoodie sits before laptop with ransom demand, cityscape behind, cash and phone discarded beside.

Angelo Martino, 41, of Land O'Lakes, Florida, teamed up with the operators of the BlackCat ransomware starting in April 2023 to assist the e-crime gang in extracting higher amounts as ransoms.

Who is Angelo Martino?

The limited public record in the reporting identifies the defendant by name, age and town: Angelo Martino, 41, of Land O'Lakes, Florida. The same reporting states that he has pleaded guilty to conducting ransomware attacks against U.S. companies in 2023. Those three facts — his name, his location and the guilty plea for activity in 2023 — are the explicit personal details provided in the source material.

A start date: April 2023

The reporting specifies that Martino “teamed up with the operators of the BlackCat ransomware starting in April 2023.” That month is presented as the point at which his collaboration with the BlackCat operators began. The account ties his involvement in the scheme directly to activity that began in that spring month of 2023.

Role described: a ransomware negotiator

The source identifies Martino’s occupation within the enterprise as a ransomware negotiator. It calls him “employed as a ransomware negotiator” and characterizes him as the third individual in that category to plead guilty for conducting ransomware attacks against U.S. companies in 2023. The reporting also quotes a fragmentary passage: “Working as a negotiator on behalf of five different” — a partial line that appears in the source text and is included here verbatim.

Association with BlackCat operators and ransom extraction

The reporting states that Martino’s collaboration with the BlackCat operators was undertaken “to assist the e-crime gang in extracting higher amounts as ransoms.” That phrase frames his role functionally: assisting an e-crime group by helping those actors increase the size of ransom payments secured from victims. The source links his negotiator work specifically to a goal of extracting larger ransom sums on behalf of BlackCat.

Scope and targets mentioned: U.S. companies in 2023

The pleaded-guilty charge described in the reporting is explicitly tied to conducting ransomware attacks against U.S. companies in 2023. Beyond that categorical description — U.S. companies and the year 2023 — the source does not supply additional identifiers for victims, industries affected, monetary totals, or the number of attacks for which Martino admitted responsibility. The statement is therefore precise in its reach but limited in its detail.

Noted context in the reporting: “third individual”

The account frames Martino’s guilty plea as the latest in a sequence by identifying him as “a third individual who was employed as a ransomware negotiator” to plead guilty in connection with ransomware activity in 2023. The reporting thereby situates this legal development within a broader pattern described by the source: multiple negotiators have been implicated and have entered guilty pleas related to that year’s attacks.

Questions the reporting leaves open

The source delivers clear, narrow facts about identity, timing, role and the nature of the plea, but it leaves other specifics unreported. It does not set out the legal charges in statutory detail, the venue where the plea was entered, the prosecution or investigative bodies involved, any factual proffer or admissions beyond the general description, the number or names of victim companies, ransom amounts, or a schedule for sentencing. Those absences are notable because the facts the source does provide point directly to matters — motive, scale, and accountability — that remain unspecified in the published account.

How to read what is reported

The material provided is tightly circumscribed: a named individual, an identified role (ransomware negotiator), a named criminal enterprise (BlackCat), a commencement month for the collaboration (April 2023), a stated purpose (“assist the e-crime gang in extracting higher amounts as ransoms”), and the categorical target of the admitted conduct (U.S. companies in 2023). Taken together, those facts sketch the contours of one actor’s involvement without resolving the larger operational picture.

The line “Working as a negotiator on behalf of five different” appears in the source as an incomplete fragment; included here verbatim, it underscores both the presence of additional detail in the original reporting and the limits of the excerpted record available for this report. What is fully documented in the source is that Martino has pleaded guilty and that his collaborator role with BlackCat began in April 2023.

The record as presented raises plainly answerable questions: how many incidents or victims were involved, what sums were at issue, whether additional negotiators will plead guilty, and how the legal process will resolve for Martino and any co-conspirators. The source supplies no answers to those specifics, but it does establish the key, named facts that any subsequent reporting will need to connect to a wider evidentiary account.

For the original reporting, see: https://thehackernews.com/2026/04/ransomware-negotiator-pleads-guilty-to.html

CybercrimeEmerging ThreatsExtortionNation-StateRansomwareUnited StatesRansomware OperationsBlackcatFlorida
Related Intelligence

Continue Reading

A WordPress dashboard screen with a cracked laptop keyboard in the foreground, symbolizing site vulnerability.

Hackers Exploit Everest Forms Pro Flaw to Hijack WordPress Sites

More than 29,300 attempted hacks have been blocked by Wordfence, revealing a surge in automated attacks exploiting a critical flaw in the Everest Forms Pro plugin, tracked as CVE-2026-3300. This alarming number highlights the urgent need for WordPress site owners to safeguard against this vulnerability.

Analyst 207
Networked server equipment and cabling in a brightly-lit data center with a blurred background.

CISA Flags SolarWinds Serv-U Flaw as Actively Exploited

A critical flaw in SolarWinds Serv-U is being actively exploited, allowing attackers to crash the service with a specially crafted POST request - no authentication required. This denial-of-service vulnerability, tracked as CVE-2026-28318, can be triggered by a simple HTTP POST request with a malicious Content-Encoding header.

Analyst 207
Smart TV on a media console in a living room with subtle hints of a vast network connection in the background.

Free Apps Turn Smart TVs Into AI Web-Scraping Proxies

Free apps can secretly turn your smart TV into a powerful tool for web scraping, unknowingly contributing to a massive residential proxy network of over 400 million IPs. This startling reality raises questions about consumer data and the hidden use of their devices.

Analyst 207
GitHub repository page on laptop screen with error message and blurred software development workspace background.

Miasma Worm Targets Microsoft GitHub Repositories in Supply Chain Attack

GitHub has taken swift action, disabling access to 73 Microsoft repositories across four organizations after a sneaky supply chain attack by the Miasma Worm compromised code on the platform. The disruption was triggered when the malware targeted Microsoft's GitHub repositories, prompting site-wide warnings and restricted access.

Analyst 207