HackRead

Cybersecurity Negotiator Gets 70 Months for Helping BlackCat Extort Victims


A former ransomware negotiator who supplied BlackCat ransomware with confidential information from companies seeking help has been sentenced to 70 months in federal prison.

Angelo Martino, 41, of Land O’Lakes, Florida, received the sentence on July 9 for conspiring with operators of the ALPHV, also known as the BlackCat ransomware group. US prosecutors said he used his position at a cyber incident response company to help ransomware operators pressure victims into paying higher demands.

Ransom note from the ALPHV BlackCat Ransomware Group

Court documents show that Martino began working with BlackCat members in April 2023 while employed as a ransomware negotiator. His job gave him access to private discussions about how affected companies planned to respond, including their negotiating positions and payment strategies.

Prosecutors said Martino passed that information to the BlackCat group in exchange for payment. The information allowed the ransomware operators to assess how much victims might pay and adjust their demands during negotiations.

According to the DOJ’s press release, the scheme impacted five ransomware victims whose cases Martino was supposed to help manage. His access placed him inside confidential negotiations while he was also assisting the criminals demanding payment from those clients.

Martino later worked with former cybersecurity professionals Kevin Martin of Texas and Ryan Goldberg of Georgia to deploy BlackCat ransomware against other organisations in the United States between April and November 2023.

Martin joined Martino’s workplace after the conspiracy had begun, while Goldberg worked for a separate incident response company. Prosecutors said the three men operated as BlackCat affiliates and carried out ransomware attacks using the group’s malware and extortion platform.

One victim paid approximately $1.2 million in Bitcoin following a successful attack. Martino, Martin, and Goldberg divided their share of the payment into three parts and used several methods to launder the proceeds.

Hackread.com previously reported that Martin and Goldberg were each sentenced to four years in federal prison in May. At the time, Martino had pleaded guilty and was awaiting sentencing.

Martino pleaded guilty on April 14 to one count of conspiracy to interfere with interstate commerce through extortion. His prison term exceeds the 48-month sentences issued to Martin and Goldberg.

Federal authorities have seized assets valued at more than $10 million from Martino. The property includes cryptocurrency, vehicles, a food truck, and a luxury fishing boat obtained with proceeds from the scheme.

A federal court is scheduled to determine the amount Martino must pay in restitution on September 17.

Understanding the cyber crime operation

Ransomware Case Exposes Risks of Insider Access

The case exposes how trusted access inside ransomware response operations can be used against victims. Companies negotiating during an attack may disclose payment limits, business pressures, recovery options, and other sensitive information to specialists hired to assist them.

In Martino’s case, prosecutors said those confidential details were passed directly to the ransomware operators applying pressure on the same companies.

US authorities disrupted the BlackCat operation in December 2023 after the FBI gained access to parts of the group’s computer network. Investigators developed a decryption tool that helped hundreds of victims restore affected systems without paying ransom demands.

According to the Department of Justice, the operation prevented an estimated $99 million in ransom payments and included the seizure of websites used by BlackCat members.





Source link