Former Ransomware Negotiator Becomes the Criminal
Angelo Martino, who worked as a ransomware negotiator — a professional who would traditionally help victim organizations navigate extortion demands and minimize damage — has been sentenced to 70 months (nearly six years) in federal prison after being convicted of helping the BlackCat/AlphV ransomware group extort multiple victims.
According to court documents reported by SecurityWeek, Martino did not merely negotiate on behalf of victims. Instead, he used his position of trust to assist the criminal operators: passing information about victim defences, influencing negotiations in favour of the attackers, and facilitating extortion payments that enriched the gang rather than protecting victims.
The Insider Threat Dimension
The case is notable as the third documented instance of a US-based cybersecurity professional being imprisoned for collaboration with a ransomware group. The emerging pattern raises serious concerns within the industry about insider threats in adjacent roles — negotiators, incident responders, and consultants who gain privileged access to victim environments during crises.
Previous cases have involved security contractors who tipped off attackers about patch timelines and a former IR consultant who sold victim network information. Together, these cases illustrate that the ransomware ecosystem actively recruits from the security community, exploiting financial incentives and pre-existing relationships.
BlackCat/AlphV: A Sophisticated RaaS Operation
BlackCat/AlphV operated one of the most technically advanced Ransomware-as-a-Service (RaaS) platforms between 2021 and 2023. Written in Rust for cross-platform capability, it targeted Windows, Linux, and VMware ESXi hypervisors. The FBI disrupted BlackCat infrastructure in late 2023, but the group attempted a brief resurgence before going dark following the Change Healthcare attack — one of the most damaging ransomware incidents in US healthcare history.
Sentencing Details
| Detail | Value |
|---|---|
| Defendant | Angelo Martino |
| Sentence | 70 months federal prison |
| Jurisdiction | US Federal Court |
| Gang Assisted | BlackCat / AlphV (RaaS) |
| Role | Former ransomware negotiator |
Implications for the Incident Response Industry
The Martino case is expected to prompt increased scrutiny of ransomware negotiation firms and incident response contractors. Industry observers are calling for:
- Background checks and vetting for all IR personnel with access to victim environments
- Transparency requirements on financial arrangements between negotiators and ransomware operators
- Regulatory oversight of the ransomware negotiation industry, which currently operates with minimal formal standards
For CISOs, the takeaway is clear: third-party incident responders and negotiators should be treated as privileged insiders, subject to the same access controls and monitoring applied to internal staff.