A former ransomware negotiator has pleaded guilty to secretly working with the BlackCat ransomware group and consipring to launch attacks against multiple victims across the US.
Angelo Martino, 41, of Land O’Lakes, Florida, admitted one count of conspiracy to obstruct, delay or affect commerce or the movement of any article or commodity in commerce by extortion.
Martino, who is believed to have worked for incident response firm Digital Mint, is said to have begun colluding with the BlackCat ransomware group in April 2023.
Working as a negotiator for five corporate ransomware victims, he passed information such as insurance policy limits and internal negotiation positions to the group, so they could maximize their profits.
Martino was paid for this information, the Justice Department said.
Read more: Why Ransomware Remains One of Cybersecurity’s Most Persistent and Costly Threats
Martino went further than passing BlackCat information on his clients. He also admitted to conspiring with Ryan Goldberg of Georgia and Kevin Martin of Texas to deploy ransomware against various US victims between April and November 2023 – effectively working as a BlackCat affiliate.
A Multimillion-Dollar Scheme
It’s unclear how many of these attacks took place and how much revenue they generated, but the authorities said they have seized $10m in assets from Martino, including digital currency, vehicles, a food truck, and a luxury fishing boat.
According to court documents seen by Infosecurity, an unnamed hospitality firm paid the trio a ransom of $16.5m while a financial services firm paid $25.7m and a non-profit $26.8m. Other victims included retailers, manufacturers, medical companies, engineering firms and pharmaceuticals companies.
“Angelo Martino’s clients trusted him to respond to ransomware threats and help thwart and remedy them on behalf of victims,” said assistant attorney general A. Tysen Duva of the Justice Department’s Criminal Division.
“Instead, he betrayed them and began launching ransomware attacks himself by assisting cybercriminals and harming victims, his own employer, and the cyber incident response industry itself.”
Martino will be sentenced on July 9 and faces a maximum penalty of 20 years behind bars.
The BlackCat group, also known as ALPHV, was estimated by the FBI to have made as much as $300m from hundreds of victims up to late 2023. On one occasion, an affiliate even threatened to report a victim to the US Securities and Exchange Commission (SEC), in a bid to pressure payment.
The group’s leak site was seized in December 2023 and a decryptor released for the ransomware, which experts claimed may have saved victims tens of millions of dollars in payments.