Ransomware dealer pleads guilty to helping ransomware gang

Angelo Martino, a former ransomware negotiator, has pleaded guilty to helping cybercriminals blackmail companies in cyberattacks.

On Monday the US Department of Justice was announced the guilty plea. Martino, who worked for cybersecurity firm DigitalMint, admitted to playing both sides of the deal in five separate incidents. While ostensibly working for the victims, Martino admitted to feeding confidential information to the operators of the ALPHV/BlackCat ransomware, providing them with information such as the victim’s insurance policy limits, as well as their negotiation strategies.

Martino’s goal was to maximize the criminals’ payout, for which he took a cut, prosecutors said. He is the third ransomware dealer in the past year to face jail time for the same scheme.

“Angelo Martino’s clients trusted him to respond to ransomware threats and help prevent and remediate them on behalf of victims,” ​​Assistant Attorney General A. Tysen Duva said in the press release. “Instead, he betrayed them and began launching ransomware attacks himself, helping cybercriminals and harming victims, his own employer, and the cyber incident response industry itself.”

ALPHV/Black Cat operates as ransomware-as-a-service, meaning the gang develops and maintains the file-locking malware, while contractors working as affiliates deploy it in cyberattacks and pay a portion of the ransom profits to the developers.

Last year, US prosecutors charged another DigitalMint employee, Kevin Tyler Martin, as well as Ryan Clifford Goldberg, a former director of incident response at cybersecurity giant Sygnia, with going rogue and helping the ransomware gang ostensibly go about their day jobs.

At the time, authorities cited a third person, without naming him, as part of that scheme. Now we know it was Martino.

Martino pleaded guilty to racketeering and faces up to 20 years in prison. Authorities said they have already seized $10 million in assets from him.

According to the Justice Department, Martino also admitted to helping Goldberg and Martin deploy the ALPHV/BlackCat ransomware against multiple victims within the U.S. over six months in 2023. The three effectively became affiliates of ALPHV/BlackCat during that time, making more than $1.2 million from one victim, according to prosecutors.

When reached for comment on Tuesday, an unnamed DigitalMint spokesperson told TechCrunch in a statement that the company was unaware of Martino’s criminal activities and that it fired the two employees after learning of the allegations against them.

In 2023, an international coalition of law enforcement authorities seized the ALPHV/BlackCat dark leak site, shutting it down. At the same time, authorities also released a decryption tool to help more than 500 ALPHV victims restore their systems.