The Negotiator’s Betrayal
Here’s a story that should make you angry, then make you think.
Angelo Martino was a ransomware negotiator. His job: when a company got encrypted by criminals, Martino talked to those criminals and tried to get the ransom down. It’s a grim line of work — you’re bargaining with people who’ve already proven they’ll break things, and your client is bleeding money by the hour. But it’s honest work, if you do it right.
Martino didn’t do it right.
He was sentenced to 70 months in prison yesterday after pleading guilty to colluding with the BlackCat/ALPHV ransomware group — the same people he was hired to negotiate against. The FBI’s Cyber Division put it bluntly: he “sold out the very victims he was hired to represent.”
How It Worked
Martino worked for a company called DigitalMint. His role gave him access to everything: what the victim could afford to pay, what insurance would cover, where the red lines were. Instead of using that information to drive the ransom down, he fed it to BlackCat to drive ransoms up. For a cut of the proceeds.
The scale is staggering. Five victims he was “helping” paid over $75 million in ransoms. Individual payments ranged from $213,000 to $26.8 million. That’s not pocket change — those are companies that probably never fully recovered.
He didn’t stop there. Martino, along with two co-conspirators (a fellow DigitalMint negotiator and an incident manager at security firm Sygnia), opened their own BlackCat affiliate account and deployed ransomware directly against five more victims. They successfully extorted $1.2 million from a medical device company. The others didn’t pay, but still got wrecked by the attack itself.
Martino used his cut to buy two Florida houses, a boat, and several vehicles. The FBI seized what was left.
The Obvious Objection
You might say: “This is one bad actor, not a systemic problem.”
It’s true — most security professionals are honest. But Martino wasn’t alone in this scheme. Two other people at two different companies were in on it. That’s not one bad apple. That’s a cluster.
The deeper problem is structural. When you hire a ransomware negotiator, you’re bringing in someone whose incentives are only aligned with yours if they choose to be honest. They know your limits. They know what you’ll pay. They sit in the room with the enemy and the enemy knows they know. If the negotiator decides, quietly, that a bigger ransom is better for them, you’d never find out until it’s too late.
The Counterargument
“But the industry is full of reputable firms who’ve handled thousands of cases without incident.”
Fair. And most have. But the fact that a) it took the FBI years to catch this, b) multiple people at multiple firms were involved, and c) the scheme ran for six months before anyone noticed — that tells you the checks aren’t as tight as they should be.
The security industry sells trust. That’s the product. When you’re breached and panicking, you don’t audit the negotiator’s crypto wallet. You pay the ransom, take the write-off, and try to forget it happened. That opacity is exactly what makes this kind of betrayal possible.
Where I Land
Martino got 70 months. The co-conspirators each got four years. That’s something, but $75 million of damage done and six years of one guy’s life isn’t going to rebuild those companies or re-earn the trust the industry lost.
The real fix isn’t harsher sentences — it’s structural. If you’re in the ransomware negotiation business, your communications should be logged, auditable, and reviewed by someone who isn’t you. Your financial transactions should be transparent to the client. The trust model needs a second factor.
Because here’s the thing: Martino didn’t hack anyone. He didn’t break any encryption. He just sat at the table and sold information that was given to him in confidence. That’s not a technical failure. That’s a failure of trust — and you can’t patch that with software.
Sources: Ars Technica reporting on the sentencing of Angelo Martino; FBI Cyber Division statement. Background on the BlackCat/ALPHV ransomware group from prior coverage.