"Angelo Martino’s victims shared heartbreaking accounts of how their businesses were nearly destroyed," the Justice Department said — a blunt summary of a betrayal that prosecutors say turned a trusted negotiator into a paymaster for a ransomware syndicate.
How Martino ran a "double agent" scheme
Angelo John Martino III, a former ransomware negotiator hired by DigitalMint, used his position to funnel confidential victim information to BlackCat affiliates and to receive a share of ransoms, federal prosecutors said. Court records and Martino’s plea agreement describe him obtaining an ALPHV affiliate account that he shared with co-conspirators and using backchannel communications "accessible only to Martino and the BlackCat negotiators and affiliates" to steer negotiations.
Prosecutors quoted chat logs in which Martino told a BlackCat affiliate one victim’s insurance carrier "was only approving small accounts" and urged the affiliate to "Keep denying our offers and I will let you know once I find out the max the[y] want to pay." In one negotiation visible to DigitalMint and a hospitality-industry victim, Martino wrote: "We are able to give you $1 million now, which is a very serious offer." The BlackCat affiliate replied, "Well, you can keep that for the penalties and lawsuits which are coming your way in case we expose you. Time is ticking — we know how much you can pay. Contact your insurance. We know about them also. Stop wasting time."
Victims and the scale of the extortion
Prosecutors say Martino conspired with ransomware affiliates to extort a combined $75.3 million from five U.S. companies that had retained DigitalMint. Between April 2023 and September 2023, the five victims paid ransoms that included a nonprofit that paid nearly $26.8 million, a financial services company that paid nearly $25.7 million, and a hospitality company that paid almost $16.5 million. Two other victims paid $6.1 million and $213,000 respectively. In a separate May 2023 incident described by authorities, Martino and co-conspirators split proceeds from a nearly $1.3 million ransom that they received from a medical company.
Legal outcome, co-conspirators, and seized assets
Martino surrendered to U.S. Marshals in March, was released on a $500,000 bond, and pleaded guilty in April to conspiracy to obstruct, delay or affect commerce or the movement of any article or commodity in commerce by extortion. He faced up to 20 years in prison and was sentenced to 70 months in jail, the Justice Department said. Martino is scheduled to return to court on Sept. 17 to determine the amount of restitution to be ordered.
Authorities have seized about $10 million in assets tied to Martino, including a bayfront home with an estimated value of $1.68 million, a second single-family home estimated at $396,000, cryptocurrency wallets, multiple vehicles, a food truck and a 29-foot luxury fishing boat. Two former DigitalMint negotiators named in the case — Kevin Tyler Martin and Ryan Clifford Goldberg — pleaded guilty in December to participating in a series of ransomware attacks and were each sentenced in April to four years in prison, according to court filings referenced by prosecutors.
DigitalMint's response and internal controls
DigitalMint told CyberScoop it had no knowledge of Martino’s criminal acts and that Martino’s actions "were deliberately concealed from DigitalMint and were in clear violation of the company’s values, ethical standards and the law." The company said it immediately terminated Martino and suspended his access to systems when the Justice Department notified the company it was investigating him in April 2025.
DigitalMint said it "maintained controls consistent with industry standards, including background checks and compliance procedures," but added that Martino "intentionally hid his conduct from the company, including through separate, unauthorized communication channels" described in government filings. The company declined to say whether it refunded clients harmed by Martino, citing confidentiality obligations.
What this means for security teams, insurers, and incident response vendors
- Security teams and incident response vendors: The case highlights an extreme risk when an individual inside an incident response role can access victim negotiating positions and insurance limits; defenders will likely scrutinize privileged communications and vendor access controls more closely.
- Insurers and corporate risk managers: Martino’s messages referencing insurance approvals and limits show how knowledge of policy coverages can be weaponized during extortion; insurers and counsel may increase coordination with clients and negotiators to limit disclosure of underwriting details.
Prosecutors characterized Martino as a "double agent" driven by greed and emphasized the human cost. "Today’s sentence accounts for the harm Martino caused and demonstrates that the Department of Justice can and will identify and prosecute cybercriminals to the fullest extent of the law," A. Tysen Duva, assistant attorney general at the Justice Department’s Criminal Division, said. The FBI’s Cyber Division assistant director Brett Leatherman added: "Angelo Martino sold out the very victims he was hired to represent, handing their confidential negotiating positions to BlackCat actors to drive up ransoms and enrich himself."
The case also sits against broader enforcement activity: the Justice Department said it disrupted ALPHV/BlackCat in December 2023, seized sites operated by some affiliates and that the FBI developed a decryption tool that helped hundreds of victims restore systems and saved about $99 million in ransom payments at the time. Martino’s sentencing closes one chapter in a case that still includes a restitution hearing and unanswered questions about client remediation and vendor oversight.




