A Florida man has admitted to his role in orchestrating ransomware attacks against U.S. companies in 2023. Angelo Martino, 41, of Land O’Lakes, collaborated with the BlackCat ransomware group to escalate the financial demands placed on multiple victims.

Martino was identified as a ransomware negotiator who divulged sensitive details about negotiations to the cybercriminals, misleading his clients and his own employer in the process. According to the U.S. Department of Justice (DoJ), he worked with five separate victims, sharing confidential information that included details about insurance coverage and negotiation strategies. This information was instrumental in maximizing the ransom amounts, for which Martino received compensation.

The investigation revealed that Martino partnered with two other cybersecurity professionals, Ryan Goldberg and Kevin Martin, to successfully deploy BlackCat ransomware against several organizations between April and November 2023. While Martino and Martin were employees of DigitalMint, Goldberg was an incident response manager at Sygnia, a cybersecurity firm.

One notable incident involved the extortion of roughly $1.2 million in Bitcoin from one victim. The proceeds from this attack were subsequently divided among the conspirators and laundered through various avenues. Law enforcement agencies ultimately seized assets totaling $10 million from Martino, including cryptocurrency, vehicles, and luxury items.

Martino has pleaded guilty to conspiracy to obstruct commerce through extortion and faces a potential sentence of up to 20 years, with his sentencing scheduled for July 9, 2026. In December 2025, Goldberg and Martin both pleaded guilty to similar charges and are expected to face comparable penalties.

The DoJ’s Criminal Division underscored the betrayal of trust in this case, emphasizing that Martino’s actions caused harm not just to the victims but also undermined the integrity of the cybersecurity incident response sector. Assistant Attorney General A. Tysen Duva stated, “Instead of protecting clients from ransomware threats, Martino actively contributed to their victimization.”

As businesses navigate an increasingly complex cybersecurity landscape, incidents like this highlight the need for robust security protocols and vigilant oversight, especially of individuals entrusted with sensitive information. The methods employed in this attack map to several MITRE ATT&CK tactics: primarily initial access through social engineering, along with exfiltration and impact techniques that led to the successful extortion of funds.

This case serves as a reminder of the evolving tactics used by cybercriminals in the digital age. Companies must remain vigilant, ensuring their cybersecurity practices are both rigorous and adaptive to fend off such threats effectively.
