Security Consultant Who Secretly Fed Intel to BlackCat Ransomware Gang Gets Nearly Six Years
Angelo Martino was hired to help ransomware victims negotiate their way out. Instead, he sold their secrets to the criminals holding them hostage.

Key points
- Angelo Martino, 41, of Florida, was sentenced on 22 May 2025 to 70 months in prison after pleading guilty in April.
- Martino worked as a ransomware negotiator, someone paid to help victims deal with hackers, but secretly fed their strategies to the BlackCat criminal group instead.
- Authorities seized roughly $10 million in assets from Martino, including cryptocurrency, vehicles, a food truck, and a fishing boat.
- Two co-defendants, Kevin Martin and Ryan Goldberg, each received four-year prison terms in late April 2025.
- BlackCat, also called ALPHV, targeted more than 1,000 organisations between 2021 and December 2023 before its operations were disrupted.
A cybersecurity consultant hired to protect ransomware victims ended up being one of the biggest threats they faced.
Angelo Martino, 41, of Florida, was sentenced Thursday to 70 months in federal prison. He had pleaded guilty in April. Martino worked at a cybersecurity firm as a ransomware negotiator, meaning his job was to sit across the table from criminals who had encrypted, or scrambled and locked, a victim's files and help that victim pay as little as possible to get them back.
He was doing the opposite.
Starting in April 2023, Martino passed confidential information about his clients' negotiating positions directly to the operators of BlackCat, also tracked as ALPHV by several security vendors. In plain terms: he told the criminals exactly how much each victim was willing to pay, and how. The Justice Department says he helped extort at least five victims this way, in exchange for a cut of the ransoms.
How did nobody catch this sooner?
Martino's case was part of a broader federal investigation, first reported by SecurityWeek, that charged three people working inside cybersecurity firms. The other two, Kevin Martin of Texas and Ryan Goldberg of Georgia, were each sentenced to four years in April 2025. All three held trusted positions inside companies that victims paid specifically because they needed someone they could trust.
That is the core problem. When a company calls in a negotiator after a ransomware attack, they hand over sensitive financial information: how much the company can pay, what its insurance covers, how desperate it is to restore operations. Martino turned all of that into a product he sold to the attackers.
Authorities seized about $10 million in assets from him. The haul included cryptocurrency, two vehicles, a food truck, and a fishing boat. A restitution hearing is scheduled for September, where a judge will determine how much he owes victims.
BlackCat itself was dismantled by law enforcement in December 2023. Before it was shut down, the group hit more than 1,000 organisations. In a final twist, the gang collected a $22 million ransom from one last victim after the disruption and then vanished, pulling what is known as an exit scam on its own criminal affiliates. The US government continues to offer $10 million for information identifying the group's key members.
If your organisation ever hires outside help after a cyberattack, ask the firm how it vets its staff and whether it carries any form of professional liability coverage. The people you bring in to help should be verifiable.



