{"id":14203,"date":"2026-07-10T10:03:39","date_gmt":"2026-07-10T10:03:39","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/07\/10\/ransomware-negotiator-sentenced-for-blackcat-ransomware-operators-to-attack-victims\/"},"modified":"2026-07-10T10:03:39","modified_gmt":"2026-07-10T10:03:39","slug":"ransomware-negotiator-sentenced-for-blackcat-ransomware-operators-to-attack-victims","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/07\/10\/ransomware-negotiator-sentenced-for-blackcat-ransomware-operators-to-attack-victims\/","title":{"rendered":"Ransomware Negotiator Sentenced for BlackCat Ransomware Operators to Attack Victims"},"content":{"rendered":"<p>    Ransomware Negotiator Sentenced for BlackCat Ransomware Operators to Attack Victims<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p class=\"wp-block-paragraph\">A former Florida ransomware negotiator has been sentenced to 70 months in federal prison after conspiring with<a href=\"https:\/\/cybersecuritynews.com\/cybersecurity-professionals-charged\/\" target=\"_blank\" rel=\"noreferrer noopener\"> BlackCat\/ALPHV ransomware<\/a> operators and helping attack multiple U.S. victims.<\/p>\n<p class=\"wp-block-paragraph\">Angelo Martino, of Land O\u2019Lakes, Florida, worked for a U.S.-based cyber incident response company. His role was to help organizations recover from ransomware incidents and negotiate with threat actors.<\/p>\n<p class=\"wp-block-paragraph\">Instead, prosecutors said he abused his access to confidential client information to assist the same cybercriminals targeting those victims.<\/p>\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.justice.gov\/opa\/pr\/florida-ransomware-negotiator-who-extorted-and-attacked-multiple-us-victims-sentenced-prison\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">According to the U.S. Department of Justice<\/a>, Martino began working with BlackCat actors in April. He reportedly gave the ransomware group sensitive details about victims\u2019 negotiation strategies, financial positions, and planned ransom responses.<\/p>\n<h2 id=\"h-blackcat-ransomware-negotiator-sentenced\" class=\"wp-block-heading\"><strong>BlackCat Ransomware Negotiator Sentenced<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">This intelligence enabled the attackers to increase pressure on victims and seek higher payments. The BlackCat ransomware operation, also known as ALPHV, operated as a <a href=\"https:\/\/cybersecuritynews.com\/ransomware-as-a-service-raas-evolved-as-a-predominant-framework\/\" target=\"_blank\" rel=\"noreferrer noopener\">ransomware-as-a-service<\/a> platform.<\/p>\n<p class=\"wp-block-paragraph\">Its developers supplied malware and infrastructure to affiliates, who conducted network intrusions, stole data, encrypted systems, and demanded cryptocurrency payments.<\/p>\n<p class=\"wp-block-paragraph\">The group became one of the most disruptive ransomware operations targeting organizations worldwide. Martino also conspired with Kevin Martin of Texas and Ryan Goldberg of Georgia, both former cybersecurity professionals.<\/p>\n<p class=\"wp-block-paragraph\">Between April and November, the three men <a href=\"https:\/\/cybersecuritynews.com\/alphv-blackcat-attacks-on-u-s-victims\/\" target=\"_blank\" rel=\"noreferrer noopener\">deployed BlackCat ransomware<\/a> against additional U.S. organizations. Prosecutors said they successfully extorted one victim for approximately million in Bitcoin.<\/p>\n<p class=\"wp-block-paragraph\">The conspirators split their share of the ransom payment into three portions. They used various methods to launder the cryptocurrency proceeds.<\/p>\n<p class=\"wp-block-paragraph\">Martino pleaded guilty on April to one count of conspiracy to interfere with interstate commerce through extortion. Martin and Goldberg were previously sentenced to months in prison on May.<\/p>\n<p class=\"wp-block-paragraph\">Law enforcement has seized more than million in assets linked to Martino. The seized property includes digital currency, vehicles, a food truck, and a luxury fishing boat.<\/p>\n<p class=\"wp-block-paragraph\">Authorities said the assets were acquired through proceeds from the extortion scheme. A restitution hearing is scheduled for September. The case highlights an insider threat that can emerge during ransomware response efforts.<\/p>\n<p class=\"wp-block-paragraph\">Incident response providers often receive highly sensitive information, including ransom affordability assessments, insurance details, recovery plans, internal communications, and negotiation limits.<\/p>\n<p class=\"wp-block-paragraph\">Unauthorized disclosure of that information can directly improve an attacker\u2019s ability to extort a victim. The FBI Miami Field Office led the investigation with support from the U.S. Secret Service.<\/p>\n<p class=\"wp-block-paragraph\">The prosecution is part of Operation Riptide, an FBI campaign focused on cybercrime actors, infrastructure, financial networks, and fraud operations. The Justice Department previously <a href=\"https:\/\/cybersecuritynews.com\/fbi-seized-alphv-blackcat-ransomware\/\" target=\"_blank\" rel=\"noreferrer noopener\">disrupted BlackCat\u2019s infrastructure in December<\/a>.<\/p>\n<p class=\"wp-block-paragraph\">During that operation, the FBI developed a decryption tool that helped hundreds of victims restore encrypted systems and reportedly prevented approximately million in ransom payments.<\/p>\n<p class=\"has-text-align-center has-background wp-block-paragraph\" style=\"background:linear-gradient(180deg,rgb(238,238,238) 87%,rgb(169,184,195) 100%)\"><strong>Stop Accepting SLAs Written for 2019 SOCs \u2013 Here\u2019s the 2026 AI SLA <strong>Vendor<\/strong> Checklist<\/strong> \u2013 <strong><a href=\"https:\/\/underdefense.com\/ai-soc-sla-in-2026-mttr-benchmarks-clause-tables-negotiation-checklist\/?utm_source=cybersecuritynews.com&amp;utm_medium=online_media&amp;utm_campaign=csn_linkedin_newsletter_aisoc_sla_july_2026\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Download Free <strong>AI SOC SLA <\/strong>Guide<\/a><\/strong><\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/ransomware-negotiator-sentenced\/\">Ransomware Negotiator Sentenced for BlackCat Ransomware Operators to Attack Victims<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Abinaya<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/ransomware-negotiator-sentenced\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ransomware Negotiator Sentenced for BlackCat Ransomware Operators to Attack Victims A former Florida ransomware negotiator has been sentenced to 70 months in federal prison after conspiring with BlackCat\/ALPHV ransomware operators and helping attack multiple U.S. victims. Angelo Martino, of Land O\u2019Lakes, Florida, worked for a U.S.-based cyber incident response company. His role was to help [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,231],"tags":[130],"class_list":["post-14203","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-ransomware","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/14203"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=14203"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/14203\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=14203"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=14203"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=14203"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}