A man who was supposed to help victims of ransomware attacks was actually helping the other side.
Angelo Martino, a 41-year-old from Florida and a former ransomware negotiator, pleaded guilty to conspiring to commit ransomware attacks against U.S. companies, according to the U.S. Department of Justice.
Citing court records, the DOJ said in a press release this week that Martino abused his role to collaborate with operators of BlackCat/ALPHV ransomware to attack and extort various companies and organizations across the U.S. in 2023.
Starting in April of that year, while working as a negotiator on behalf of five ransomware victims, Martino shared confidential information with BlackCat attackers about his clients’ positions and strategies to help maximize their ransom payments. That information included details such as victims’ insurance policy limits and other internal negotiation positions. Martino was paid by the attackers for this information, according to the DOJ.
Martino also worked with two other cybersecurity workers to successfully deploy BlackCat ransomware between April 2023 and November 2023 against multiple victims across the United States.
In one instance, the three men extorted a victim for roughly $1.2 million in Bitcoin and then split the proceeds.
Law enforcement has seized more than $10 million in assets from Martino, including digital currency, vehicles, a food truck, and a luxury fishing boat that were purchased with proceeds from the scheme.
“Angelo Martino’s clients trusted him to respond to ransomware threats and help thwart and remedy them on behalf of victims,” said Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division in a press release. “Instead, he betrayed them and began launching ransomware attacks himself by assisting cyber criminals and harming victims, his own employer, and the cyber incident response industry itself.”
TechCrunch reported that Martino was a former employee of the cybersecurity firm DigitalMint.
A spokesperson for the company told Gizmodo in an emailed statement that it had no involvement in or knowledge of the scheme. One of Martino’s co-conspirators was also a former employee of DigitalMint, whom U.S. prosecutors charged last year.
“The actions of Martino and his co-conspirators, unknown to the company, were in clear violation of the company’s values, ethical standards, and the law,” the spokesperson said. “Upon learning of the allegations from the Department of Justice, DigitalMint immediately terminated the employees involved and fully cooperated with federal authorities throughout the investigation.”
Martino is scheduled to be sentenced in July and faces a maximum sentence of 20 years in prison.
