Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1860+ Articles
149+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
  1. Home
  2. News
  3. Ransomware Negotiator Gets 70 Months in Prison for Aiding BlackCat Attacks
Ransomware Negotiator Gets 70 Months in Prison for Aiding BlackCat Attacks
NEWS

Ransomware Negotiator Gets 70 Months in Prison for Aiding BlackCat Attacks

A 41-year-old former cybersecurity professional has been sentenced to 70 months in federal prison for conspiring with the now-defunct BlackCat ransomware group to extort victims and coordinating additional attacks alongside two other cybersecurity professionals.

Dylan H.

News Desk

July 12, 2026
4 min read

Former "Negotiator" Sentenced to Nearly Six Years for BlackCat Conspiracy

A 41-year-old former cybersecurity professional has been sentenced to 70 months (approximately five years and ten months) in federal prison for their role in a conspiracy with the BlackCat / ALPHV ransomware group. The sentence follows a conviction for conspiring to extort multiple victims and coordinating ransomware attacks alongside two other individuals with cybersecurity backgrounds.

The case is a stark reminder that acting as a ransomware "negotiator" while secretly coordinating with — or profiting from — the attackers constitutes a serious federal crime.


Background: The BlackCat / ALPHV Ransomware Group

BlackCat (also tracked as ALPHV) was one of the most prolific Ransomware-as-a-Service (RaaS) operations of the early 2020s. Active from approximately 2021 until its disruption in 2024, the group was responsible for attacks on hundreds of organizations globally, including:

  • Healthcare providers and hospitals
  • Critical infrastructure operators
  • Government agencies
  • Financial institutions

BlackCat operated a sophisticated affiliate model, providing ransomware tooling and infrastructure to affiliates who conducted intrusions and split ransom proceeds with the core group. The FBI disrupted BlackCat operations in December 2023, seizing infrastructure and releasing a decryption tool — but the group attempted a brief revival before ultimately ceasing operations.


The Defendant's Role

According to the DOJ, the defendant — a cybersecurity professional presenting themselves as a legitimate ransomware negotiator — was in fact:

  1. Coordinating with BlackCat operators to facilitate ransom payments and extortion
  2. Assisting in targeting additional victims alongside two other cybersecurity professionals
  3. Profiting from the ransom payments negotiated in a dual-sided capacity

The scheme exploited the legitimate demand for ransomware negotiation services — a real field where incident response firms help victims assess demands, communicate with attackers, and recover systems. By secretly aligning with the attackers, the defendant violated victims' trust while positioning themselves as their advocate.


Charges and Sentence

ItemDetail
ChargeConspiracy to Commit Extortion
Sentence70 months federal prison
Age at sentencing41 years old
Co-conspirators2 additional cybersecurity professionals
JurisdictionU.S. Federal Court

The 70-month sentence (≈ 5.8 years) reflects the severity of the conspiracy and the multiple victims involved. Federal sentencing guidelines for extortion-related offenses weigh factors including the number of victims, total financial harm, and the defendant's role in the scheme.


Why This Case Matters

The "Insider Threat" in Incident Response

This case highlights a concerning attack vector: the abuse of trusted incident response and negotiation roles. Organizations paying for ransomware negotiation services assume the negotiator is acting solely in their interest. When that assumption is violated by someone coordinating with the attacker, it compounds the harm — victims pay more, recover less, and may be targeted again.

DOJ Signaling

The sentence sends a clear message from the DOJ:

Cybersecurity credentials do not provide cover for criminal activity. Professionals who knowingly facilitate ransomware extortion — regardless of the role they claim — will face the same criminal liability as the attackers themselves.

This aligns with broader DOJ and CISA initiatives to hold ransomware ecosystem participants — not just operators — criminally accountable.


Guidance for Organizations

Vetting Incident Response Partners

When engaging ransomware negotiators or incident response firms:

  1. Verify credentials and reputation — look for established firms with verifiable client histories and industry affiliations (CISA-approved IR firms, vetted through cyber insurance providers)
  2. Require transparency — demand full documentation of all communications with threat actors
  3. Engage legal counsel in parallel — your attorneys can independently assess negotiation strategy
  4. Never pay ransoms without law enforcement notification — the FBI and CISA both recommend engaging them early; they may have decryption tools or intelligence on the specific group
  5. Audit payment flows — if a negotiator handles ransom payments directly, require escrow or direct payment control by your organization

Reporting

  • FBI: Report to your local FBI field office or via ic3.gov
  • CISA: Report at cisa.gov/report
  • Stop Ransomware: stopransomware.gov

Source: The Hacker News, July 2026

Related Reading

  • Ransomware Ecosystem Disruption: BlackCat Takedown and What Came Next
  • AI Safety Report 2026: Cyberattack Assistance and Criminal Liability
#Ransomware#BlackCat#ALPHV#Cybercrime#Law Enforcement#The Hacker News

Related Articles

Ryuk Operator Pleads Guilty; BlackCat/AlphV Conspirator Gets Nearly 6-Year Sentence

A Ryuk ransomware operator pleaded guilty in Oregon federal court while a BlackCat/AlphV conspirator received a 70-month prison sentence in Florida,...

3 min read

Third US Security Expert Sentenced to Prison for Helping Ransomware Gang

Angelo Martino, a former ransomware negotiator turned insider threat, was sentenced to 70 months in federal prison for actively assisting the...

3 min read

First VPN Dismantled in Global Takedown Over Use by 25

International authorities have disrupted a criminal VPN service called First VPN that was used by more than 25 ransomware groups to conceal network...

5 min read
Back to all News