Angelo Martino, a former ransomware negotiator, has pleaded guilty to helping cybercriminals extort companies in cyberattacks.

On Monday, the U.S. Justice Department announced the guilty plea. Martino, who used to work for cybersecurity firm DigitalMint, admitted to playing both sides of the negotiation in five different incidents. While ostensibly working for the victims, Martino admitted to feeding confidential information back to the operators of the ALPHV/BlackCat ransomware, providing them information such as the victim’s insurance policy limits, as well as their negotiation strategies.

Martino’s goal was to maximize the criminals’ payout, for which he took a cut, prosecutors said. He is the third ransomware negotiator in the past year to face jail for the same scheme.

“Angelo Martino’s clients trusted him to respond to ransomware threats and help thwart and remedy them on behalf of victims,” said Assistant Attorney General A. Tysen Duva in the press release. “Instead, he betrayed them and began launching ransomware attacks himself by assisting cyber criminals and harming victims, his own employer, and the cyber incident response industry itself.”

ALPHV/BlackCat operated as a ransomware-as-a-service, meaning the gang develops and maintains the file-locking malware, while contractors working as affiliates deploy it in cyberattacks and pay a portion of the ransom profits back to the developers.

Last year, U.S. prosecutors accused another DigitalMint employee, Kevin Tyler Martin, as well as Ryan Clifford Goldberg, a former incident response manager at cybersecurity giant Sygnia, of going rogue and helping the ransomware gang that they were ostensibly working to counter during their day jobs.

At the time, the authorities mentioned a third individual, without naming him, as being part of this scheme. We now know that it was Martino.

Techcrunch event

Meet your next investor or portfolio startup at Disrupt

Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $410.

Meet your next investor or portfolio startup at Disrupt

San Francisco, CA

October 13-15, 2026

Martino pleaded guilty to extortion and faces up to 20 years in prison. Authorities said they have already seized $10 million in assets from him.

According to the Justice Department, Martino also admitted to helping Goldberg and Martin deploy ALPHV/BlackCat’s ransomware against several victims inside the U.S. for six months in 2023. The three essentially became ALPHV/BlackCat affiliates during that time, making more than $1.2 million from one victim, according to prosecutors.

When reached for comment on Tuesday, an unnamed DigitalMint spokesperson told TechCrunch in a statement that the company had no knowledge of Martino’s criminal actions and that it fired the two employees after learning of the accusations against them.

In 2023, an international coalition of law enforcement authorities seized the dark web leak site of ALPHV/BlackCat, disrupting its operations. At the same time, authorities also released a decryption tool to help more than 500 ALPHV victims to restore their systems.

Topics

ALPHV, BlackCat, cybercrime, cybersecurity, hackers, hacking, ransomware, Security

When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.

Lorenzo Franceschi-Bicchierai

Senior Reporter, Cybersecurity

Lorenzo Franceschi-Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy.

You can contact or verify outreach from Lorenzo by emailing lorenzo@techcrunch.com, via encrypted message at +1 917 257 1382 on Signal, and @lorenzofb on Keybase/Telegram.

View Bio

April 30

San Francisco, CA

StrictlyVC kicks off the year in SF. Get in the room for unfiltered fireside chats with industry leaders, insider VC insights, and high-value connections that actually move the needle. Tickets are limited.

Ransomware negotiator pleads guilty to helping ransomware gang