Blog

The Ultimate Betrayal: Ransomware Negotiator Sentenced to 6 Years for Colluding with Attackers

Published July 14th, 2026 by Bayonseo

A Florida man who was hired to defend ransomware victims from cybercriminals has been sentenced to 70 months in jail in a case that reads like a cyber-thriller, for collaborating with the crooks to increase ransoms and enrich himself. The tale of Angelo Martino, a former DigitalMint ransomware negotiator, serves as a sobering reminder that trust is the most precious and most vulnerable currency in cybersecurity.


A Negotiator's Double Life

Martino's task was simple: he had to bargain with hackers to lower the ransom payments that DigitalMint's customers had to make. However, Martino surreptitiously sent the infamous BlackCat ransomware group (also known as ALPHV) sensitive negotiating information in order to maximize ransoms in exchange for a portion of the payments, rather than shielding victims.

Five victims Martino was meant to assist paid **over $75 million** to ransomware affiliates in a matter of months in 2023. The ransom demands were probably increased due to the insider knowledge Martino disclosed. The range of individual payouts was $213,000 to an astounding $26.8 million.


How the Scheme Worked

Martino had access to sensitive information as a negotiator, including insurance coverage limits, ransom demands, attack details, and negotiation tactics. He betrayed his clients by using this information.

Martino used the Tox messaging service and a hidden "intermediary chat tab" on the BlackCat panel that only he and the attackers could access to interact with BlackCat actors. He gave the crooks private information intended to enhance payments throughout these conversations. Martino later had cryptocurrency taken by the FBI, but he had already spent a large portion of it on a yacht, many cars, and two homes in Florida.


The Broader Conspiracy

Martino wasn't by himself. Kevin Martin, a citizen of Texas, and Ryan Goldberg, a resident of Georgia, were among his accomplices and were both given four-year prison sentences in April 2026. Beyond simple treachery, the three successfully extorted $1.2 million from a medical equipment business by using BlackCat ransomware against five victims.

Financial services, healthcare, hotel, retail, and nonprofit organizations were among the victims. Significant financial losses and service disruptions resulted from the attacks.


What This Means for You

This scenario highlights a hidden weakness in ransomware response: both external attackers and people who are supposed to assist might take advantage of the situation.

Trust, but confirm: Do extensive background checks before employing a ransomware negotiator or incident response company. Seek out impartial third-party verification and inquire about their security procedures.

Reduce the amount of sensitive information you share with negotiators. Keep maximum payment criteria and insurance information private from anyone who isn't involved in the decision-making process.

Develop internal expertise: To avoid being totally reliant on outside negotiators who might have conflicting interests, build internal incident response capabilities.


How Bayon Technologies Group Can Help

We at Bayon Technologies Group are aware that trust is the foundation of cybersecurity. We assist the following organizations:

  • Create effective crisis response plans to lessen the need for outside negotiators.
  • Make sure partners have robust security and moral business practices by conducting vendor due diligence.
  • Put in place layered protections to make ransomware assaults more difficult to carry out in the first place.
  • Increase cyber resilience via proactive threat hunting, frequent backups, and personnel training.

Don't wait for a betrayal to reveal your weaknesses. Get in touch with Bayon Technologies Group right now to develop a reliable security plan.


‹ Back