A former ransomware payment negotiator for DigitalMint has pleaded guilty to his role in a coordinated extortion scheme that netted $75.3 million in ransomware payments from five victim companies. Angelo Martino worked as a negotiator — ostensibly helping victim organizations navigate ransomware incidents — while simultaneously acting as an accomplice in facilitating the extortion itself.
Who Is Angelo Martino?
Angelo Martino was employed by DigitalMint, a cryptocurrency and ransomware payment facilitation firm. DigitalMint offered services to help organizations respond to ransomware attacks, including advising on ransom negotiations and processing cryptocurrency payments to threat actors.
Martino's role placed him in a position of trust — companies under attack hired his services expecting neutral, professional guidance. Instead, according to prosecutors, he leveraged his insider access to assist the attackers, helping coordinate ransom demands and ensuring payments flowed to the criminal group.
The Extortion Scheme
According to the guilty plea and court filings:
| Detail | Value |
|---|---|
| Total extortion proceeds | $75.3 million |
| Number of victim companies | 5 |
| Martino's role | Ransomware payment negotiator (insider accomplice) |
| Employer | DigitalMint |
| Charges | Extortion conspiracy |
Martino helped his accomplices target victim organizations, coordinate ransom demands, and receive payment — using his position as a trusted intermediary to maximize payments and reduce the likelihood of victims refusing or going to law enforcement. The scheme represents a particularly egregious form of insider threat in the ransomware ecosystem, where victims trusted their negotiator to represent their interests.
The Ransomware Negotiation Industry
The ransomware payment facilitation industry emerged as ransomware attacks surged in the late 2010s. Firms like DigitalMint, Coveware, and others offered organizations professional services including:
- Assessing whether decryption was feasible without payment
- Negotiating ransom amounts down from initial demands
- Processing cryptocurrency payments to threat actors
- Providing post-incident analysis and reporting
The Martino case highlights the fundamental tension at the heart of this industry: negotiators with insider knowledge of victim financial capacity and decision-making represent a high-value target for corruption by ransomware gangs.
The Insider Threat Dimension
Ransomware negotiators are privy to extremely sensitive information:
- The victim's insurance coverage and payout limits
- Internal discussions about willingness to pay
- Business impact assessments (downtime cost per day)
- Legal strategy and law enforcement coordination status
An accomplice negotiator could use all of this information to maximize ransom demands and pressure victims, while appearing to act in the victim's interest. The Martino case confirms this threat is real and not merely theoretical.
Legal Consequences
Martino's guilty plea is a significant development in federal enforcement against the ransomware ecosystem. The DOJ has increasingly pursued not just the ransomware operators themselves but the broader support infrastructure that enables ransomware-as-a-business to function — including:
- Payment processors and cryptocurrency exchanges that knowingly facilitate payments
- Initial access brokers who sell network access to ransomware gangs
- Negotiators and intermediaries who profit from or enable extortion
The sentencing for Martino's extortion conspiracy plea has not yet been announced at the time of publication.
Lessons for Organizations Engaging Ransomware Negotiators
The Martino case surfaces important due diligence considerations for any organization that might engage a ransomware negotiation firm:
- Vet negotiation firms thoroughly — check references, legal standing, and whether the firm has ever been subject to regulatory or law enforcement scrutiny
- Compartmentalize sensitive information — limit what financial and strategic details are shared with negotiators to what is strictly necessary
- Engage legal counsel independently — have your own attorney involved in negotiations rather than relying solely on the negotiation firm
- Work with law enforcement early — FBI and CISA guidance strongly recommends reporting ransomware incidents; coordination with law enforcement may provide intelligence on known threat actors and compromise indicators
- Understand the negotiator's incentives — firms paid based on successful payment processing may have misaligned incentives compared to firms paid on a flat fee
Broader Context
This case follows a string of DOJ actions against ransomware ecosystem participants in 2026, including prosecutions of ransomware administrators, botnet operators, and initial access brokers. The Martino guilty plea demonstrates that law enforcement is successfully penetrating the trust relationships ransomware groups rely on — and that individuals who facilitate extortion, even indirectly, face serious criminal exposure.
Source: CyberScoop