A former cyber recovery specialist who exploited his position as a trusted ransomware negotiator to secretly feed victim information to attackers has been sentenced to 70 months (nearly six years) in federal prison.
The Insider Betrayal
Angelo Martino worked at DigitalMint, a company that helps ransomware victims recover data and negotiate with threat actors. Rather than acting in his clients' interests, Martino covertly collaborated with ransomware co-conspirators — sharing confidential details about victims' financial positions, cyber insurance coverage, and negotiation strategies.
Armed with this insider intelligence, the ransomware operators could demand ransoms calibrated to maximize payments, knowing exactly how much victims could or would pay. The scheme enabled the conspirators to extract a combined $75.3 million from victim organizations.
The Scheme
Ransomware negotiation firms occupy a unique position of trust: victims share sensitive financial and operational details under the assumption that the negotiator is working solely on their behalf. Martino abused this access to:
- Disclose victim cyber insurance policy limits to attackers
- Share internal communications and negotiation positions
- Help attackers time and size demands for maximum extraction
- Facilitate faster ransom payments that benefited his co-conspirators
This type of insider threat in the ransomware ecosystem is particularly dangerous because victims have no visibility into whether their negotiator is acting in good faith.
Charges and Sentencing
Martino pleaded guilty to conspiracy charges related to the ransomware scheme. The 70-month sentence reflects the scale and nature of the betrayal — not only did Martino facilitate ransomware attacks, but he did so from a position specifically trusted to prevent victim harm.
The Department of Justice has increasingly pursued not just ransomware operators but the broader ecosystem of enablers: negotiators, cryptocurrency brokers, and infrastructure providers who profit from attacks.
Industry Implications
The case highlights a blind spot in the ransomware response industry:
- No universal licensing or regulation exists for ransomware negotiators
- Victims have limited ways to verify negotiator integrity
- Cyber insurance companies often recommend negotiators without independent vetting
- Insider collusion can dramatically increase ransom payments while appearing to be normal negotiation
Organizations dealing with ransomware incidents should consider:
- Vetting negotiation firms — look for transparency on their processes and potential conflicts of interest
- Compartmentalizing information — do not share more financial detail than strictly necessary
- Legal counsel oversight — involve counsel in negotiation decisions, especially around disclosure
- Parallel investigation — maintain independent forensic review to validate negotiator claims
Broader Ransomware Enforcement Trend
This sentencing follows a pattern of U.S. federal prosecutors expanding ransomware prosecutions beyond direct attackers to include the support networks that make extortion profitable. Similar cases have targeted cryptocurrency launderers, bulletproof hosting operators, and initial access brokers.
For the ransomware negotiation industry, the Martino case is a stark reminder that trust in the ecosystem is both its most valuable commodity and its most exploitable vulnerability.