Insider rot: Ransomware negotiators ran BlackCat attacks against their own clients
Angelo Martino, a former DigitalMint incident responder, pleaded guilty to running BlackCat ransomware operations against U.S. companies between April 2023 and April 2025, including organizations he was hired to defend. Working alongside two other negotiators from DigitalMint and Sygnia (Kevin Tyler Martin and Ryan Clifford Goldberg, who also pleaded guilty), Martino fed confidential negotiation positions and insurance policy limits directly to BlackCat operators, ensuring victims paid the maximum extractable amount. The trio operated as BlackCat affiliates, paying the gang a 20% cut for access to the extortion portal.
The scheme weaponized the structural trust placed in incident response. A negotiator sees the victim’s reserves, insurance ceiling, and walk-away threshold — exactly the data an attacker needs to price the demand. Identified victims included a financial services firm that paid $25.66M and a nonprofit that paid $26.79M, alongside law firms, school districts, and medical facilities. DigitalMint says it terminated Martino and Martin once the conduct surfaced.
The case exposes a control gap in the ransomware response economy: negotiation firms hold the most sensitive possible data about a victim mid-incident, with minimal external oversight of how that data flows. Martin and Goldberg face up to 20 years each. BlackCat itself extracted $300M+ from 1,000+ victims through September 2023 before its 2024 collapse.
This is an AI-generated summary of reporting by BleepingComputer. Read the original for the full story.