A third former ransomware negotiator at Chicago-based incident response firm DigitalMint has pleaded guilty to colluding with the ALPHV/BlackCat ransomware gang, with newly unsealed court papers revealing one nonprofit victim paid a ransom worth nearly $26.8 million. Angelo Martino, 41, joins former colleagues Ryan Clifford Goldberg and Kevin Tyler Martin in admitting to a scheme that weaponized confidential victim data against the very clients paying for protection.
What Happened
Florida resident Angelo Martino pleaded guilty on April 21, 2026, to assisting ALPHV/BlackCat in extorting five US businesses that had retained DigitalMint, referred to in court documents only as "Company-1," to manage incident response and ransom negotiations. Rather than advocating for victims, Martino fed the gang confidential intelligence, including cyber insurance policy limits and internal perceptions of the negotiation process, enabling the operators to anchor demands at maximum extractable value. He also admitted to personally deploying the ALPHV/BlackCat ransomware payload alongside Goldberg and Martin against additional victims between April and November 2023.
What Was Taken
Court filings disclose individual ransom payments for the five DigitalMint client victims for the first time. A hospitality firm paid cryptocurrency worth $16,484,000 at the time of transfer. A nonprofit organization paid a ransom valued at nearly $26.8 million. A financial services company paid more than $25.6 million. A retail company paid $6.1 million, and a medical company paid $213,000. Beyond the dollar value, the conspirators exfiltrated and exploited insurance policy details, internal negotiation telemetry, and presumably the standard ALPHV double-extortion data trove from each compromised environment. Across a separate series of attacks the trio executed independently, they demanded more than $16 million.
Why It Matters
This case marks the third confirmed insider conversion at a single incident response provider, transforming what had appeared to be isolated misconduct into a systemic supply chain compromise of the ransomware response industry. Negotiators occupy a uniquely privileged position: they see insurance ceilings, board appetite, executive panic, and the precise leverage points an extortionist needs to maximize payout. When that role is corrupted, the victim is paying to be exploited twice. The roughly $75 million in cumulative disclosed payments illustrates how lucrative the betrayal proved and how completely the trust model around third-party negotiation can collapse.
The Attack Technique
The scheme combined classic insider threat tradecraft with active ransomware operations. As DigitalMint negotiators, the trio had legitimate access to victim cyber insurance documents, executive communications, and tactical negotiation positioning. Martino transmitted this information to ALPHV/BlackCat affiliates, who used the intelligence to set demands at or near insurance policy limits and to apply pressure calibrated to internal sentiment. Separately, Martino, Goldberg, and Martin obtained and deployed the ALPHV/BlackCat encryptor themselves against further targets between April and November 2023, operating as ad hoc affiliates of the gang they were paid to negotiate against. DigitalMint stated it was unaware of the conduct, terminated the employees upon DOJ notification, and cooperated with the investigation.
What Organizations Should Do
- Treat third-party negotiators, IR firms, and breach coaches as privileged insiders and apply matching scrutiny: background checks, conflict-of-interest disclosures, and contractual audit rights.
- Compartmentalize cyber insurance policy details from the negotiation team. Share only the authorization ceiling, never the policy limit itself, and route insurer communications through counsel.
- Require dual control on any data shared with external negotiators, with logged access to settlement strategy documents and internal status assessments.
- Engage independent counsel separately from your IR vendor to oversee ransom decision-making, so a single firm never controls both the intelligence flow and the payment recommendation.
- Re-examine any past engagements with DigitalMint or the named individuals for evidence of leaked negotiation positions, anomalously precise demands, or unexplained pressure aligned to insurance ceilings.
- Establish out-of-band channels (Signal, in-person, or counsel-mediated) for sensitive ransom strategy discussions to limit what any single intermediary can observe and exfiltrate.
Sources: Third ransomware pro pleads guilty to cybercrime U-turn • The Register