The cybersecurity pro who was supposed to help companies out of ransomware nightmares has admitted he was secretly helping the hackers instead.
Angelo John Martino III, a 41-year-old former ransomware negotiator from Tampa, pleaded guilty Monday to conspiring with the BlackCat/ALPHV ransomware group to attack and extort U.S. companies, according to court filings. Prosecutors say Martino abused his position at an incident-response firm to leak confidential negotiation data to criminals, then teamed up with them to run attacks himself. He pleaded guilty to a federal extortion conspiracy charge and faces up to 20 years in prison, with sentencing set for July 9, 2026, as noted by The Hacker News.
According to a post by the U.S. Attorney's Office for the Middle District of Florida on X, prosecutors say Martino sold out his clients by secretly providing BlackCat operators with victims' insurance-policy limits and internal bargaining positions, then taking payments in return. The government says that kind of double-dealing not only hurt victims, it also shook confidence in the entire incident-response industry.
How prosecutors say the scheme worked
Prosecutors allege that Martino went beyond quiet leaks and formally signed up as an affiliate with the ALPHV ransomware operation. While officially negotiating on behalf of five client organizations, he was allegedly feeding the attackers inside information that let them crank up their ransom demands, according to CyberScoop.
Court documents cited in that reporting say the scheme ran between April and November 2023 and included at least one successful $1.2 million Bitcoin payment. That payout was allegedly split among the defendants and laundered, with a cut sent to the ALPHV administrators for using their ransomware platform.
Co-defendants and seized assets
Martino's guilty plea follows earlier pleas by Ryan Goldberg and Kevin Martin, who admitted to similar extortion conduct in December 2025, according to the U.S. Attorney's Office for the Southern District of Florida. Prosecutors say the three men worked as BlackCat affiliates, paying the ransomware administrators a share of each ransom in exchange for access to the malware and infrastructure.
Authorities have seized roughly $9 610 million in cryptocurrency and multiple luxury items tied to Martino, including vehicles and Florida properties, as reported by BleepingComputer.
DigitalMint and industry reaction
DigitalMint, the Chicago incident-response firm where Martino worked, said it cut ties as soon as federal officials came calling. The company told reporters it suspended his access and terminated him immediately after being notified by the Justice Department, according to the Chicago Sun-Times.
DigitalMint said it has cooperated with investigators and tightened internal safeguards to reduce insider risk, a message clearly aimed at reassuring corporate clients who trust incident-response teams with some of their most sensitive information.
Legal notes
Martino pleaded guilty to one count of conspiracy to obstruct, delay, or affect commerce by extortion (18 U.S.C. a7 1951(a)) and faces a statutory maximum sentence of 20 years in prison, as reported by The Hacker News. The case highlights growing federal scrutiny of how ransomware negotiations are conducted and comes on the heels of broader Department of Justice efforts to disrupt ALPHV/BlackCat that began in late 2023.
Federal officials are urging any organization hit by ransomware to contact its local FBI field office or file a complaint with the Internet Crime Complaint Center (IC3). Prosecutors say victims and witnesses with information about ALPHV/BlackCat should reach out to law enforcement, in line with the Department of Justice announcement.
