A former ransomware negotiator based in Florida has been sentenced to more than five years in prison for his role in a conspiracy to deploy ransomware and extort American companies. Angelo Martino, who worked for a US cybersecurity firm, was found to have collaborated with hackers, rather than protecting his clients.
The US Department of Justice confirmed Martino's sentencing, revealing that authorities had seized over $10 million in cryptocurrency and assets. These assets, which included a food truck and a luxury fishing boat, were allegedly purchased with funds obtained through the illicit cyberattacks.
Martino is the third individual to be incarcerated for this scheme. He followed the earlier convictions of cybersecurity professionals Kevin Martin and Ryan Goldberg. Prosecutors stated that the trio worked together throughout 2023 to deploy the notorious BlackCat ransomware against various companies across the United States. In one particularly successful attack, these cybersecurity professionals, operating as criminals, extorted a company for around $1.2 million, which they then laundered and divided among themselves.
This case sheds light on the unusual phenomenon of security professionals actively collaborating with malicious hackers. Governments globally have consistently advised victims of cyber extortion against paying ransoms, aiming to prevent cybercriminals from profiting. However, some companies still choose to pay in an attempt to protect sensitive customer data from being leaked.
The rise in extortion attacks has also led to the growth of a specialised insurance sub-sector in the US, focused on responding to ransomware and extortion incidents. Companies within this sector often employ negotiators to attempt to reduce the cost of ransom demands. BlackCat, also known as ALPHV, operates as a ransomware-as-a-service model, enabling independent hackers to lease access to its file-encrypting malware in exchange for a share of the profits from their cyberattacks. The group's ransomware gained notoriety for its use in the February 2024 breach of US health technology giant Change Healthcare, which exposed the medical and billing data of over 192 million Americans, although the specific affiliate hackers responsible for that incident were never identified.