Ransomware Negotiator Pleads Guilty to Being Ransomware Negotiator's Worst Enemy

In a plot twist that surprises absolutely no one who has ever watched a crime drama, Angelo Martino, a former ransomware negotiator, has pleaded guilty to helping the very cybercriminals he was supposedly fighting. The U.S. Justice Department announced the guilty plea on Monday, revealing that Martino, who used to work for cybersecurity firm DigitalMint, admitted to playing both sides in five different incidents.

While his job title suggested he was helping victims, Martino was actually feeding confidential information - like insurance policy limits and negotiation strategies - back to the operators of the ALPHV/BlackCat ransomware gang. His goal, according to prosecutors, was to maximize the criminals' payout so he could take a cut. He is now the third ransomware negotiator in the past year to face jail for this exact, deeply unoriginal scheme.

Assistant Attorney General A. Tysen Duva summed up the betrayal with bureaucratic flair, stating Martino "betrayed them and began launching ransomware attacks himself by assisting cyber criminals and harming victims, his own employer, and the cyber incident response industry itself." The ALPHV/BlackCat gang operates on a ransomware-as-a-service model, where affiliates deploy the malware and share profits with the developers.

Martino's plea connects the dots on a previously unnamed third individual in a scheme that also involved Kevin Tyler Martin, another DigitalMint employee, and Ryan Clifford Goldberg, a former incident response manager at cybersecurity giant Sygnia. All were accused of helping the ransomware gang they were paid to counter. Martino pleaded guilty to extortion and faces up to 20 years in prison, with authorities having already seized $10 million in assets from him.

According to the Justice Department, Martino also admitted to helping Goldberg and Martin deploy ALPHV/BlackCat's ransomware against several U.S. victims for six months in 2023. The trio essentially became affiliates, making more than $1.2 million from one victim alone. When reached for comment, an unnamed DigitalMint spokesperson stated the company had no knowledge of Martino's actions and fired the employees after learning of the accusations.

In a related but slightly more heroic note, an international coalition of law enforcement authorities seized ALPHV/BlackCat's dark web leak site in 2023, disrupting its operations and releasing a decryption tool to help more than 500 victims restore their systems. So, some good news, buried under a pile of blatant corruption.