Angelo Martino, previously a ransomware negotiator, has confessed to aiding cybercriminals in extorting companies through cyberattacks. This admission came to light following an announcement from the U.S. Justice Department.
Martino, who was employed by the cybersecurity firm DigitalMint, acknowledged his role in five separate incidents where he acted as a double agent. While ostensibly representing the victims, he disclosed confidential details to the ALPHV/BlackCat ransomware operators, including insurance policy limits and negotiation tactics.
Prosecutors revealed that Martino's intention was to enhance the criminals' profits, from which he received a share. He is the third negotiator in the past year to face legal consequences for similar actions.
"Angelo Martino's clients relied on him to manage ransomware threats effectively," stated Assistant Attorney General A. Tysen Duva. "Instead, he compromised their trust and contributed to the very attacks he was supposed to combat, thereby undermining the cybersecurity response industry."
ALPHV/BlackCat operates as a ransomware-as-a-service model, where the gang develops the malicious software while affiliates execute the attacks, sharing a portion of the ransom with the developers.
Last year, U.S. prosecutors also implicated another DigitalMint employee, Kevin Tyler Martin, along with Ryan Clifford Goldberg from cybersecurity firm Sygnia, for similar misconduct. They were accused of collaborating with the ransomware group they were hired to counteract.
Martino has pleaded guilty to extortion and could face a maximum sentence of 20 years in prison. Authorities have already confiscated $10 million in assets linked to him.
Moreover, Martino admitted to assisting Goldberg and Martin in deploying ALPHV/BlackCat's ransomware against multiple U.S. victims for six months in 2023. Together, they reportedly generated over $1.2 million from a single victim during this period.
A spokesperson from DigitalMint, who chose to remain anonymous, stated that the company was unaware of Martino's illegal activities and terminated the employment of the implicated individuals upon learning of the allegations.
In a significant move against cybercrime, an international coalition of law enforcement agencies disrupted ALPHV/BlackCat's operations in 2023 by seizing their dark web leak site. Authorities also provided a decryption tool that aided over 500 victims in recovering their compromised systems.
This case highlights the ongoing battle against cybercrime and the importance of trust in the cybersecurity industry. As technology evolves, it is crucial to foster integrity and accountability to safeguard against future threats.