Internet Voices

Ransomware Negotiator Sentenced to 70 Months for Betrayal

A former ransomware negotiator colluded with BlackCat attackers to inflate ransoms, receiving a 70-month prison sentence. Damages exceeded $75 million.

3 min read Reviewed & edited by the SINGULISM Editorial Team

Ransomware Negotiator Sentenced to 70 Months for Betrayal
Photo by Kaptured by Kasia on Unsplash

Based on a report by Jon Brodkin on Ars Technica.

A man who was supposed to protect ransomware victims as a negotiator but colluded with attackers to inflate ransoms has been sentenced to 70 months (approximately six years) in federal prison.

A former ransomware negotiator was sentenced to 70 months in prison yesterday after colluding with BlackCat scammers to extort the victims he was hired to protect.

Angelo Martino, a 41-year-old Florida resident, was employed by DigitalMint, a company that offers ransomware negotiation services to businesses. According to a sentencing memorandum from the U.S. Department of Justice, Martino’s primary role was to negotiate ransom payments down. Instead, he provided attackers with confidential negotiation information to help them maximize ransom demands, in return for a share of the payments.

As a ransomware negotiator for the company DigitalMint, Florida resident Angelo Martino’s job was “to negotiate with cybercriminals to mitigate the ransoms paid by [DigitalMint’s] clients,” the US government said in a sentencing memorandum on Tuesday. “Instead, Martino provided the cybercriminals with confidential negotiation information to maximize the ransoms in exchange for a portion of the ransom payments. Five of the victims whom Martino was supposed to help paid over $75 million to ransomware affiliates, including likely millions of dollars in ransom demands inflated as a result of the confidential information provided by Martino.”

The five victim organizations—spanning financial services, healthcare, hospitality, retail, and non-profits—paid ransoms ranging from $213,000 to $26.8 million between April 2023 and September 2023. Without Martino’s betrayal, these amounts would likely have been significantly lower.

Victims of the scheme paid ransoms ranging from $213,000 to $26.8 million between April 2023 and September 2023. Besides the financial loss, the conspiracy “affected the ability of victims including companies in the financial services and health industry to provide services to customers,” the US said.

Martino pleaded guilty to conspiracy charges and sought a 24-month sentence, arguing that he had “provided substantial assistance” in the prosecution and conviction of two accomplices. However, the court adopted the government’s recommendation of a 70-to-87-month sentence. Martino’s co-conspirators, Kevin Martin from Texas and Ryan Goldberg from Georgia, were each sentenced to four years in prison. Additionally, Martino was ordered to forfeit assets obtained through his crimes, including two properties in Florida, a boat, and several vehicles. He must also allocate part of his future earnings to compensate the victims after his release.

Editorial Opinion

This case has profoundly shaken trust in external ransomware negotiators. It is likely to prompt companies to strengthen their vetting processes when selecting incident response vendors, with greater emphasis on transparency clauses in contracts.

The issue of ethical conduct among defense-side professionals has emerged as a critical challenge. As skills in this field become more advanced, there is a growing need for systems that do not rely solely on personal ethics. The industry must move toward standardized certifications and behavioral audits.

Who watches the watchers? The lack of established technical and contractual frameworks to ensure transparency in the negotiation process has been laid bare. The ransomware response supply chain as a whole must find ways to rebuild trust.

References

Frequently Asked Questions

What is the most crucial issue in this case?
The key issue is that the ransomware negotiator provided confidential client information to attackers, inflating ransom demands. This case highlights the risks of insider misconduct within incident response services, where a defense-side professional exploited information asymmetry for personal gain.
What should companies consider when hiring external incident response teams?
Beyond assessing the track record and reputation of the service provider, companies should ensure the auditability of negotiation processes and robust information management systems. This case demonstrates the dangers of lacking real-time behavioral audits and multi-signature approval processes for critical decisions.
What are the sentencing details and future implications?
The former negotiator received a 70-month prison sentence. Two co-conspirators were sentenced to four years each. Martino was also ordered to forfeit assets and use part of his post-release income to compensate victims. This verdict is expected to serve as a deterrent against similar misconduct in the future.
Source: Ars Technica

Comments

← Back to Home