US Charges Former DigitalMint Negotiator for Allegedly Partnering With BlackCat in Ransomware Extortion
Former DigitalMint ransomware negotiator Angelo Martino pleaded guilty to conspiring with ALPHV/BlackCat operators and U.S.-based accomplices to attack and extort American organizations while simultaneously serving in a trusted incident-response role. Prosecutors said Martino used insider access to share confidential victim information — including negotiation positions, strategies, and insurance policy limits — with BlackCat actors, helping drive up ransom demands. He was previously charged with conspiracy to interfere with interstate commerce by extortion after surrendering to U.S. Marshals, and he now faces up to 20 years in prison.
Court filings allege Martino worked with former DigitalMint negotiator Kevin Tyler Martin and former Sygnia incident response manager Ryan Goldberg in at least 10 attacks, including cases where five victims hired DigitalMint and were assigned Martino as their negotiator. Authorities said the group acted as BlackCat affiliates, paid the gang a 20% share for use of its ransomware and extortion portal, and extracted more than $75.25 million across multiple incidents, including payments exceeding $25 million and one Florida medical-sector extortion that yielded about $1.2 million in Bitcoin. Law enforcement has seized roughly $10 million or more in Martino’s assets, while DigitalMint said it was unaware of the scheme, fired the implicated employees, cooperated with investigators, and added stronger oversight, auditing, and logging controls.
Timeline
Jul 9, 2026
Martino sentencing scheduled for July 9
Following his April 21, 2026 guilty plea in the BlackCat insider-extortion case, Angelo Martino's sentencing was scheduled for July 9, 2026. The new reference identifies this court date as the next major procedural step in the case.
Apr 30, 2026
Goldberg and Martin sentenced in BlackCat extortion case
On April 30, 2026, Ryan Goldberg and Kevin Martin were each sentenced to four years in prison for deploying ALPHV/BlackCat ransomware against multiple U.S. victims in 2023. The Justice Department said they acted as BlackCat affiliates in a ransomware-as-a-service scheme and had previously pleaded guilty in December 2025.
Apr 21, 2026
Martino pleads guilty in BlackCat ransomware conspiracy case
On April 21, 2026, Angelo Martino pleaded guilty to conspiring with BlackCat/ALPHV operators and U.S.-based accomplices to deploy ransomware and extort U.S. victims. He admitted abusing his negotiator role to provide confidential client information, including insurance limits and negotiation strategies, to maximize ransom payments.
Mar 12, 2026
U.S. charges Martino in BlackCat insider-extortion scheme
Federal prosecutors unsealed charges against Angelo Martino in March 2026, accusing him of conspiracy to interfere with interstate commerce by extortion and of sharing confidential negotiation information with ALPHV/BlackCat while participating in attacks. Authorities also seized millions of dollars in cryptocurrency and other assets tied to him.
Mar 10, 2026
Martino surrenders to U.S. Marshals
Angelo Martino surrendered to the U.S. Marshals on March 10, 2026, in connection with allegations that he aided BlackCat attacks and abused his role as a ransomware negotiator. He was later released under bond and employment restrictions.
Feb 25, 2026
Federal complaint filed against Angelo Martino
A federal criminal complaint and supporting affidavit against Angelo Martino were filed on February 25, 2026, outlining allegations that he conspired with ALPHV/BlackCat affiliates and misused confidential ransomware negotiation information. The filing preceded his March 10 surrender and the later public unsealing of charges in March 2026.
Dec 1, 2025
Martin and Goldberg plead guilty in BlackCat extortion case
In December 2025, Kevin Tyler Martin and Ryan Goldberg pleaded guilty to conspiracy to obstruct commerce by extortion for their roles in the BlackCat-linked insider scheme. Their sentencings were later set for April 30, 2026.
Apr 4, 2025
DigitalMint terminates Martino after DOJ notification
DigitalMint said it fired Angelo Martino the day after suspending his access following DOJ notification. The company also said it later strengthened oversight, auditing, and logging controls around negotiations.
Apr 3, 2025
DOJ alerts DigitalMint about Martino's alleged conduct
DigitalMint said the Justice Department notified the company about Angelo Martino's alleged criminal activity on April 3, 2025. The company then suspended his access and began cooperating with law enforcement.
Dec 1, 2023
FBI disrupts BlackCat infrastructure and offers decryptor to victims
In December 2023, the Justice Department and FBI disrupted BlackCat/ALPHV by seizing its websites and deploying an FBI-developed decryptor. Authorities said the action helped victims avoid roughly $99 million in ransom payments.
Apr 1, 2023
Martino, Martin, and Goldberg conduct BlackCat-linked attacks
Between April and November 2023, Angelo Martino, Kevin Tyler Martin, and Ryan Goldberg allegedly deployed ALPHV/BlackCat ransomware against multiple U.S. victims while also using insider knowledge from incident response and negotiation work. Prosecutors say the broader scheme ultimately involved at least 10 attacks in 2023 and more than $75.25 million in ransom payments.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Threat Actors
Sources
5 more from sources like cyberscoop, us department of justice, darkwebinformer, scworld and toms hardware
Related Stories
Insider Ransomware Attacks by Cybersecurity Professionals Using BlackCat
Three former employees of cybersecurity firms DigitalMint and Sygnia have been indicted for orchestrating a series of BlackCat (ALPHV) ransomware attacks against five U.S. companies between May and November 2023. The accused, including Kevin Tyler Martin and Ryan Clifford Goldberg, allegedly abused their positions as incident response professionals to gain unauthorized access to victim networks, deploy ransomware, steal sensitive data, and demand cryptocurrency ransoms ranging from $300,000 to $10 million. The Department of Justice and FBI state that the group operated as BlackCat affiliates, with at least one successful extortion resulting in a $1.27 million payment from a Tampa medical device manufacturer after its servers were encrypted. The indictment details additional targets, including a Maryland pharmaceutical company, a California doctor's office, a California engineering firm, and a Virginia drone manufacturer, though it is unclear if further ransom payments were made. DigitalMint and Sygnia have both denied organizational involvement, terminated the implicated employees, and are cooperating with law enforcement. The case highlights the risk of insider threats within cybersecurity firms and the sophisticated tactics used by ransomware operators to exploit trusted access for criminal gain.
1 months ago
Cybersecurity Professionals Plead Guilty to ALPHV/BlackCat Ransomware Attacks
Two cybersecurity professionals, Ryan Goldberg and Kevin Martin, have pleaded guilty to conspiracy charges after using their positions as a ransomware negotiator and incident response manager to conduct ransomware attacks with the ALPHV/BlackCat group. The pair, along with an unnamed co-conspirator, leveraged their infosec expertise to compromise five organizations—including a medical device company, a pharmaceutical firm, a doctor's office, an engineering company, and a drone manufacturer—between May and December 2023. They agreed to pay ALPHV administrators 20% of any ransom collected in exchange for access to the ransomware platform. The only successful extortion resulted in a $1.2 million bitcoin payment from the medical device company, which was split among the perpetrators, with a portion sent to ALPHV. Patient photos stolen from the doctor's office were published on the gang’s leak site. Goldberg and Martin face up to 20 years in prison, with sentencing scheduled for March. Authorities highlighted the betrayal of trust, as both men used their cybersecurity training and privileged access to facilitate the very crimes they were supposed to prevent.
1 months ago
Guilty Pleas in Major Cyber-Enabled Fraud and Ransomware Operations
U.S. authorities secured guilty pleas in two separate cyber-enabled criminal cases: a Ghana-based fraud ring that stole more than **$100 million** via **business email compromise (BEC)** and romance scams, and a **Phobos** ransomware administrator tied to a global extortion operation. The cases highlight parallel monetization paths—social engineering and payment redirection in BEC/romance schemes versus data encryption and extortion in ransomware-as-a-service (RaaS)—and both involve international arrests/extraditions to the United States. In the fraud case, **Derrick Van Yeboah** (40) pleaded guilty to conspiracy to commit wire fraud and agreed to pay **over $10 million** in restitution for his role in a Ghana-based operation that targeted U.S. victims from 2016 to May 2023, using spoofed emails to impersonate customers/employees and laundering proceeds through U.S. intermediaries before sending funds to coordinators in West Africa. Separately, **Evgenii Ptitsyn** (43) pleaded guilty to wire fraud conspiracy for helping develop, sell, distribute, and operate the **Phobos** ransomware platform, which the U.S. DoJ says hit **1,000+** entities and extorted **$16+ million**; he was arrested in South Korea in 2024, extradited to the U.S., and faces up to **20 years** in prison, with sentencing scheduled for July 15.
1 months ago