The U.S. Department of Justice has indicted Angelo Martino, a former DigitalMint employee, for his role in a covert scheme where ransomware negotiators collaborated with the BlackCat (ALPHV) ransomware group. Martino faces one count of conspiracy to interfere with interstate commerce by extortion and surrendered to U.S. Marshals on March 10.
Details of the Insider Plot
Court documents unsealed this week reveal that Martino shared sensitive negotiation details with BlackCat operators while employed as a ransomware negotiator at DigitalMint, a firm focused on ransomware incident response. From April 2023 to April 2025, he participated in attacks alongside Kevin Tyler Martin, another ex-DigitalMint staffer, and Ryan Goldberg, formerly with Sygnia incident response.
Martino appeared as “Co-Conspirator 1” in an October 2025 indictment against Martin and Goldberg, both of whom pleaded guilty and await sentencing in April. The trio operated as BlackCat affiliates, extorting victims by demanding ransoms and threatening to release stolen data. They reportedly paid BlackCat leaders a 20% cut of proceeds for ransomware tools and extortion access.
Victims and Ransom Payments
At least five U.S. organizations fell victim, including a Tampa-based medical device manufacturer that paid $1.27 million. Targets spanned industries like healthcare facilities, law firms, school districts, and financial services firms.
Company Response
DigitalMint CEO Jonathan Solomon condemned the actions, stating the company fired both Martino and Martin upon discovery and cooperated fully with investigators. “We strongly condemn these former employees’ criminal behavior, which violated our values, ethical standards, and the law,” Solomon said. “When we learned about the conduct, we immediately terminated both individuals. DigitalMint has fully cooperated with law enforcement from the outset and does not expect further charges. While no organization can completely eliminate insider risk, we take incidents like this extremely seriously and have strengthened safeguards and internal controls to further reduce the likelihood of similar conduct.”
BlackCat Ransomware Background
FBI analysis links BlackCat to over 60 breaches from November 2021 to March 2022. A separate agency advisory notes the group collected at least $300 million from more than 1,000 victims through September 2023.
In 2019, ProPublica reported that certain U.S. data recovery companies secretly paid ransomware groups to restore client data, billing customers without disclosure.
