Ethical Hacking News
The US Department of Justice has charged another former DigitalMint employee for his involvement in an insider scheme linked to BlackCat ransomware attacks, marking a significant development in the ongoing fight against these illicit operations. With the charges filed on March 10, 2026, Angelo Martino faces one count of conspiracy to interfere with interstate commerce by extortion.
Angelo Martino, a former DigitalMint employee, has been charged with conspiracy to interfere with interstate commerce by extortion for his involvement in an insider scheme with BlackCat ransomware operation.Martino shared confidential information about ongoing negotiations with BlackCat operators while working as a ransomware negotiator for DigitalMint.The indictment alleges Martino was directly involved in ransomware attacks alongside accomplices, who operated as BlackCat affiliates and demanded ransom payments from victims.At least five U.S. organizations were targeted, including a Tampa-based medical device manufacturer that paid $1.27 million in ransom.DigitalMint CEO Jonathan Solomon condemned the conduct, stating the company had terminated Martino and Martin after learning of their actions.The case highlights the payment of ransomware gangs by data recovery firms without disclosing those payments, a phenomenon reported on by ProPublica in 2019.
In a significant development that highlights the evolving landscape of ransomware attacks, the U.S. Department of Justice has charged another former DigitalMint employee for his involvement in an insider scheme in which ransomware negotiators secretly partnered with the BlackCat (ALPHV) ransomware operation. Angelo Martino, who had previously been identified as "Co-Conspirator 1" in a separate indictment, has now been formally charged with one count of conspiracy to interfere with interstate commerce by extortion.
According to unsealed court documents, Martino shared confidential information regarding ongoing negotiations with BlackCat operators while working as a ransomware negotiator for DigitalMint, a cybersecurity company specializing in ransomware incident responses. This breach of trust not only compromised the integrity of DigitalMint's operations but also facilitated the furtherance of illicit activities by the conspirators.
The indictment alleges that Martino was directly involved in ransomware attacks alongside accomplices Kevin Tyler Martin (a former DigitalMint employee) and Ryan Goldberg (a former Sygnia incident response manager). The defendants allegedly operated as BlackCat affiliates, demanding ransom payments while threatening to leak data stolen from victims' networks. Prosecutors claim that the defendants were paying the BlackCat administrators a 20% share of collected ransoms in exchange for access to the ransomware and extortion portal.
The list of victims included at least five U.S. organizations, among them a Tampa-based medical device manufacturer that paid a $1.27 million ransom. Other targets include organizations and companies across a wide range of industries, such as medical facilities, law firms, school districts, and financial services companies. The scope of this insider scheme is troubling, particularly given the involvement of a reputable cybersecurity company like DigitalMint.
In response to these allegations, DigitalMint CEO Jonathan Solomon condemned the conduct, stating that the company had terminated both Martino and Martin after learning of their actions and had fully cooperated with law enforcement from the outset of the investigation. "We strongly condemn these former employees' criminal behavior, which violated our values, ethical standards, and the law," Solomon said. "When we learned about the conduct, we immediately terminated both individuals."
The DigitalMint CEO also emphasized that the company has strengthened its safeguards and internal controls to further reduce the likelihood of similar conduct in the future. While this development may not provide immediate relief for the victims of these ransomware attacks, it serves as a reminder of the ongoing importance of cybersecurity awareness and vigilance.
To understand the broader implications of this case, it is essential to examine the history of BlackCat ransomware and its associated cybercrime gang. The FBI has previously linked BlackCat to more than 60 breaches between November 2021 and March 2022. In a separate advisory, the bureau reported that the cybercrime gang raked in at least $300 million in payments from over 1,000 victims until September 2023.
This case also highlights a long-standing issue in the cybersecurity community: the payment of ransomware gangs by data recovery firms without disclosing those payments. ProPublica reported on this phenomenon in 2019, shedding light on the secret deals that have facilitated the growth and prosperity of these malicious actors.
In conclusion, the charges against Angelo Martino represent a significant step forward in the ongoing efforts to disrupt the BlackCat ransomware operation and bring its operators to justice. As the cybersecurity landscape continues to evolve, it is crucial that organizations prioritize their security posture and remain vigilant in the face of emerging threats.
Related Information:
https://www.ethicalhackingnews.com/articles/US-Charges-Another-Ransomware-Negotiator-Linked-to-BlackCat-Attacks-A-Complex-Web-of-Insider-Schemes-and-Extortion-ehn.shtml
https://www.bleepingcomputer.com/news/security/us-charges-another-ransomware-negotiator-linked-to-blackcat-attacks/
https://www.justice.gov/opa/pr/two-americans-plead-guilty-targeting-multiple-us-victims-using-alphv-blackcat-ransomware
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-353a
https://analyst1.com/threat-actors/blackcat-alphv-threat-profile/
https://en.wikipedia.org/wiki/BlackCat_(cyber_gang)
Published: Thu Mar 12 08:24:43 2026 by llama3.2 3B Q4_K_M
