The U.S. Department of Justice charged another former DigitalMint employee for his involvement in an insider scheme in which ransomware negotiators secretly partnered with the BlackCat (ALPHV) ransomware operation.
Angelo Martino has been charged with one count of conspiracy to interfere with interstate commerce by extortion after surrendering to the U.S. Marshals on March 10.
According to unsealed court documents, Martino shared confidential information regarding ongoing negotiations with BlackCat operators while working as a ransomware negotiator for DigitalMint, a cybersecurity company specializing in ransomware incident responses.
Between April 2023 and April 2025, Martino was also directly involved in ransomware attacks alongside accomplices Kevin Tyler Martin (a former DigitalMint employee) and Ryan Goldberg (a former Sygnia incident response manager).
Martino was previously identified only as “Co-Conspirator 1” in an October 2025 indictment that charged Martin and Goldberg, who pleaded guilty and are scheduled to be sentenced in April.
The defendants allegedly operated as BlackCat affiliates, demanding ransom payments while threatening to leak data stolen from victims’ networks. Prosecutors also claimed that the defendants were paying the BlackCat administrators a 20% share of collected ransoms in exchange for access to the ransomware and extortion portal.
The list of victims included at least five U.S. organizations, among them a Tampa-based medical device manufacturer that paid a $1.27 million ransom. Other targets include organizations and companies across a wide range of industries, such as medical facilities, law firms, school districts, and financial services companies.
In a statement to BleepingComputer, DigitalMint CEO Jonathan Solomon condemned the conduct, noting that the company had terminated both after learning of Martin and Martino’s actions and had fully cooperated with law enforcement from the outset of the investigation.
“We strongly condemn these former employees’ criminal behavior, which violated our values, ethical standards, and the law. When we learned about the conduct, we immediately terminated both individuals,” Solomon said.
“DigitalMint has fully cooperated with law enforcement from the outset and does not expect further charges. While no organization can completely eliminate insider risk, we take incidents like this extremely seriously and have strengthened safeguards and internal controls to further reduce the likelihood of similar conduct.”
BlackCat ransomware was previously linked by the FBI to more than 60 breaches between November 2021 and March 2022. In a separate advisory, the bureau also said the cybercrime gang raked in at least $300 million in payments from over 1,000 victims until September 2023.
Years earlier, in 2019, ProPublica reported that some U.S. data recovery firms secretly paid ransomware gangs that were pressuring their clients with ransom demands, while charging customers for restoration services without disclosing those payments.
Red Report 2026: Why Ransomware Encryption Dropped 38%
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.
Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.
Related Articles:
Ransomware payment rate drops to record low as attacks surge
From Cipher to Fear: The psychology behind modern ransomware extortion
Termite ransomware breaches linked to ClickFix CastleRAT attacks
Hacker mass-mails HungerRush extortion emails to restaurant patrons
Phobos ransomware admin pleads guilty to wire fraud conspiracy