The Negotiator Who Betrayed Victims to Empower Ransomware Gangs
A professional ransomware negotiator faces a 70-month prison sentence after secretly colluding with attackers to extort his own clients.
In a disturbing breach of trust within the cybersecurity industry, the role of the professional ransomware negotiator has been fundamentally compromised. Investigations have revealed that individuals hired to shield victimized organizations from malicious actors were instead operating as double agents, actively facilitating the very attacks they were paid to mitigate.
A Calculated Betrayal of Trust
Angelo Martino, a 41-year-old from Land O'Lakes, Florida, was identified as a key operative working against the interests of his own clients. Rather than assisting in damage control, Martino—alongside co-conspirators Ryan Clifford Goldberg and Kevin Tyler Martin—served as agents for the dreaded BlackCat (ALPHV) ransomware collective. These individuals leveraged their positions to gain intimate knowledge of corporate networks, ultimately infecting victims and sharing sensitive data with fellow attackers to inflate ransom demands.
The Cost of Criminal Collusion
The legal consequences for these actions have been significant, though they fall short of the maximum potential sentences. While the trio initially faced potential prison terms ranging from 10 to 20 years, they received more lenient sentences after court proceedings. The financial penalties are equally severe, involving the forfeiture of diverse assets acquired through illicit means.
Martino pleaded guilty and asked for a 24-month sentence, stating he “provided substantial assistance that contributed to the indictment and conviction of two co-defendants.”
Despite his attempts to secure a reduced term by highlighting his cooperation with authorities, the court sentenced Martino to 70 months in federal prison. This follows the earlier sentencing of his associates, Ryan Clifford Goldberg and Kevin Tyler Martin, both of whom received four-year sentences in April 2026 for their roles in the conspiracy.
Financial Impact on Targeted Entities
- 70 months in prison for Angelo Martino.
- $10 million in initial ransom demanded from a Florida medical device company.
- $1.2 million in ransom ultimately paid by the aforementioned medical device firm.
- 5 companies confirmed as victims, including entities in Florida, Maryland, California, and Virginia.
- 10% of any future salary Martino earns must be paid as restitution after his release.
Shifting Landscape of Incident Response
This case serves as a stark warning to organizations navigating the aftermath of a cyberattack. The reliance on third-party negotiators has now been cast into doubt, suggesting that the industry must implement more rigorous vetting processes for firms offering recovery assistance. For businesses and security teams, the realization that trusted intermediaries could be active ransomware participants underscores an urgent need for heightened internal oversight. Ensuring that those tasked with recovery have transparent, verifiable histories is no longer optional; it is a critical component of institutional risk management.