Key facts
- Angelo Martino was sentenced to over five years in prison for conspiring with the BlackCat ransomware gang.
- The Department of Justice seized over $10 million in cryptocurrency and assets, including a food truck and a luxury fishing boat.
- Martino, along with Kevin Martin and Ryan Goldberg, deployed BlackCat ransomware against U.S. companies in 2023.
- One successful attack resulted in an extortion of approximately $1.2 million, which was split among the three individuals.
- BlackCat is a ransomware-as-a-service operation.
Florida man Angelo Martino has been sentenced to over five years in prison for conspiring with hackers to deploy ransomware while working as a ransomware negotiator for a U.S. cybersecurity company. The U.S. Department of Justice confirmed the sentence, stating that over $10 million worth of cryptocurrency and assets, including a food truck and a luxury fishing boat, were seized.
Martino is the third individual to be incarcerated for the scheme, joining cybersecurity professionals Kevin Martin and Ryan Goldberg. Prosecutors allege that the trio collaborated to deploy the BlackCat ransomware against U.S. companies throughout 2023. In one instance, they successfully extorted a company for approximately $1.2 million, subsequently laundering and splitting the funds.
This case represents a rare instance of security professionals allegedly aiding malicious hackers while employed. Despite government advice against paying ransoms, some companies do so to prevent the leak of customer data. The rise in extortion attacks has spurred the development of a specialized insurance sector in the U.S. focused on responding to ransomware and extortion incidents, often employing negotiators to reduce ransom costs.
BlackCat, also known as ALPHV, operates on a ransomware-as-a-service model, enabling independent hackers to rent its file-encrypting malware in exchange for a share of attack profits. The group's ransomware was notably used in the February 2024 hack of U.S. health technology giant Change Healthcare, which compromised sensitive medical and billing data of over 192 million individuals, although the specific affiliate hackers responsible for that breach remain unidentified.
