Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang


Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang

Pierluigi Paganini
July 10, 2026

A former ransomware negotiator was sentenced to nearly six years for secretly helping BlackCat extort victims while betraying his clients.

A U.S. court sentenced former ransomware negotiator Angelo Martino, 41, to 70 months in prison for conspiring with the BlackCat ransomware gang. While negotiating on behalf of five victims, he secretly shared confidential information about their strategies and willingness to pay with the attackers.

Prosecutors described him as a “double agent” who helped maximize ransom payments while profiting from the criminal operation.

“Angelo Martino, 41, of Land O’Lakes, Florida, formerly employed as a ransomware negotiator, was sentenced today to 70 months for his role in conspiring with Blackcat/ALPHV (BlackCat) actors to extort multiple victims, as well as conspiring with other former cybersecurity professionals to attack additional victims in 2023.” reads the press release published by DoJ.

In April, Martino admitted to helping the BlackCat ransomware group while working for a U.S. incident response firm.

The man secretly shared sensitive client details with attackers, like insurance limits and negotiation strategies, while acting as a ransomware negotiator. This information came from five victim cases starting in April 2023 and helped the gang demand higher ransoms. In return, he was reportedly paid by the ransomware operators.

“Angelo Martino’s victims shared heartbreaking accounts of how their businesses were nearly destroyed, while the people they hired to help them instead betrayed them to ransomware gangs,” said Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division. “Today’s sentence accounts for the harm Martino caused and demonstrates that the Department of Justice can and will identify and prosecute cybercriminals to the fullest extent of the law.”

Angelo Martino conspired with Ryan Goldberg and Kevin Martin to deploy BlackCat ransomware group attacks in the U.S. between April and Nov 2023. Using their cybersecurity skills, they helped extort multiple victims, including one paying about $1.2M in Bitcoin. The proceeds were split among them and laundered through different channels. Law enforcement later seized about $10M in assets from Martino, including crypto, vehicles, a food truck, and a luxury fishing boat bought with illicit funds.

“To date, law enforcement has seized $10 million of assets from Martino, including digital currency, vehicles, a food truck, and a luxury fishing boat that Martino obtained through the scheme.” concludes the report. “A hearing to determine the amount of restitution to be ordered against Martino is set for Sept. 17.”

In January, 2026, the U.S. cybersecurity professionals Ryan Goldberg and Kevin Martin pleaded guilty to charges tied to their roles in BlackCat/Alphv ransomware attacks that occurred in 2023.

Court records show Ryan Goldberg, Kevin Martin, and a co-conspirator deployed ALPHV BlackCat ransomware against U.S. victims from April to December 2023, sharing 20% of ransoms with operators. Despite working in cybersecurity, they extorted about $1.2M in Bitcoin from one victim, split the proceeds, and laundered the funds.

In November, U.S. prosecutors charged Ryan Clifford Goldberg, Kevin Tyler Martin, and another Florida-based accomplice (aka “Co-Conspirator 1”) for using BlackCat ransomware to hack and extort five U.S. companies in 2023. The third person was identified in March 2026 as Angelo Martino, a 41-year-old from Florida. He worked as a ransomware negotiator at an incident response firm alongside Kevin Martin. The third conspirator, Ryan Goldberg, was employed at a separate cybersecurity company.

“Today’s announcement follows the Justice Department’s prior actions in December 2023 to disrupt BlackCat ransomware, during which the FBI developed a decryption tool that allowed FBI field offices across the country and law enforcement partners around the world to offer hundreds of victims the capability of restoring their systems, saving victims approximately $99 million in ransom payments. At that time, the FBI also seized several websites operated by the BlackCat ransomware actors.” concludes DoJ.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, BlackCat ransomware)







Source link

Leave a Reply

Subscribe to Our Newsletter

Get our latest articles delivered straight to your inbox. No spam, we promise.

Recent Reviews


TL;DR

Meta stripped NameTag facial recognition code from its AI app one day after WIRED exposed it on 50 million phones. Meta says no decision has been made.

Meta removed nearly all traces of an unreleased facial recognition system from its smart glasses companion app on Friday, one day after WIRED reported that the software had been quietly embedded in an app installed on more than 50 million phones. The feature, which Meta internally called NameTag, was designed to convert faces captured by the company’s Ray-Ban smart glasses into unique biometric signatures and compare them against a database stored on the user’s device. WIRED also found that faces the system failed to recognise were cropped, indexed, and stored locally for future processing.

Andy Stone, Meta’s vice president of communications, told WIRED on Monday that the feature is “purely exploratory,” adding that no final decision has been made on what to do with it. That characterisation sits uneasily with the evidence WIRED documented. The version of Meta AI published the day of WIRED’s Thursday report contained several code libraries explicitly named for face recognition, a process for running the NameTag recognition pipeline, and a “Person recognised” alert the app would have shown if someone were identified.

Friday’s release stripped all of it out, along with a folder where the app would have stored the cropped images and biometric signatures of unrecognised faces. Meta did not answer WIRED’s questions about why the code was removed or whether the changes were planned before the story was published. A few fragments remain in the latest version, including an internal debug menu label and a dormant link meant to open a recognised person’s profile, pointing to parts of the system that are no longer there.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!

The gap between Meta’s public statements and the code WIRED found is the central tension. Before the Thursday report, Stone dismissed the findings by writing that the company could not answer questions about how the system would work because “the feature does not exist.” Andrew Bosworth, Meta’s chief technology officer, called the reporting “incredibly misleading” and “absolutely dishonest.” Yet the code was functional enough to include three AI models, one to detect faces, another to crop them, and a third to encode them as biometric data, all embedded in the companion app for a product already at the centre of a mounting privacy crisis.

Meta declined to answer ten questions WIRED posed before publishing, including whether it had already created the database of face profiles NameTag uses, how long the app retains photographs and biometric data of unrecognised people, and whether that data would ever be sent back to Meta’s servers. The company also did not respond to questions about whether it was building NameTag for blind or low-vision users, or to criticism from privacy advocates who warned the system could let stalkers and abusers identify strangers in public.

NameTag first surfaced in February, when The New York Times, citing internal Meta documents, reported that the company was developing face recognition for its smart glasses and considering a launch as early as this year. One internal memo reportedly described releasing the feature during a “dynamic political environment” when privacy and civil liberties advocates would be distracted by other concerns. WIRED subsequently found that much of NameTag’s machinery had been built into the Meta AI app as early as January, months before any public acknowledgement, adding another layer to the company’s pattern of shipping first and disclosing later when it comes to its smart glasses.

Kade Crockford, director of the technology for liberty programme at the American Civil Liberties Union of Massachusetts, said the removal does not undo the original decision to ship the code and pointed to it as evidence that consumer privacy needs stronger legal protection than Congress has been willing to provide. The Massachusetts House of Representatives last week unanimously passed a consumer privacy bill that, if enacted as written, would impose strong enforcement provisions including a private right of action allowing aggrieved users to sue. “State lawmakers need to do their job and step up to protect consumer privacy,” Crockford said.

Meta’s sneaky tactics in slipping the face-recognition code into its smart glasses show exactly why data privacy bills need the teeth of strong enforcement,” Crockford added. “Companies like Meta prioritise their bottom line, so lawmakers need to speak in the only language its C-suite understands.” Whether a code removal prompted by investigative reporting constitutes a victory or merely a tactical retreat depends on what Meta does next, and on whether the regulatory pressure building on both sides of the Atlantic produces enforceable consequences before the feature quietly returns under a different name.



Source link