{"id":205359,"date":"2026-04-24T01:15:00","date_gmt":"2026-04-24T05:15:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/24\/the-turncoat-how-a-ransomware-negotiator-joined-the-enemy\/"},"modified":"2026-04-24T01:50:08","modified_gmt":"2026-04-24T05:50:08","slug":"the-turncoat-how-a-ransomware-negotiator-joined-the-enemy","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/04\/24\/the-turncoat-how-a-ransomware-negotiator-joined-the-enemy\/","title":{"rendered":"The turncoat: how a ransomware negotiator joined the enemy"},"content":{"rendered":"<p><a href=\"https:\/\/www.escudodigital.com\/en\/cybersecurity\/the-turncoat-how-a-ransomware-negotiator-joined-the-enemy.html\">The turncoat: how a ransomware negotiator joined the enemy<\/a><\/p>\n<p><a href=\"https:\/\/www.escudodigital.com\/en\/cybersecurity\/the-turncoat-how-a-ransomware-negotiator-joined-the-enemy.html\">https:\/\/www.escudodigital.com\/en\/cybersecurity\/the-turncoat-how-a-ransomware-negotiator-joined-the-enemy.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-24 01:15:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.escudodigital.com\">www.escudodigital.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>\t\t\t\t\t\t\t\t\t\t\t\tThe United States Department of Justice (DoJ) has made public the case of Angelo Martino, a 41-year-old former ransomware negotiator based in Florida, who has pleaded guilty to conspiring with the cybercriminal group ALPHV\/BlackCat while working for extorted victim companies.<\/p>\n<p>The case, described by authorities as a \u201cbetrayal from within\u201d the incident response ecosystem, reveals how the accused not only leaked confidential information to the attackers but also actively participated in ransomware campaigns against U.S. organizations.<\/p>\n<p>Martino worked at a cyber incident response company as a ransomware negotiator, meaning he was the professional responsible for mediating between victims and threat actors to reduce ransom amounts and manage the crisis.<\/p>\n<p>However, since April 2023, he began collaborating with the operators of BlackCat\/ALPHV, one of the most active ransomware groups on the global scene.<\/p>\n<p>The DOJ details that while negotiating on behalf of at least five victims, Martino transmitted confidential information to the attackers without the knowledge or authorization of his clients or employer. Among the leaked data were the limits of affected companies\u2019 cyber insurance policies and internal negotiation strategies.<\/p>\n<p>According to the agency\u2019s press release, this information \u201chelped ransomware actors and maximized the ransoms that victims were forced to pay.\u201d<\/p>\n<p>In return, Martino received direct payments from cybercriminals for providing these sensitive data.<\/p>\n<p>Not only an accomplice, but also an &#8216;affiliate&#8217;<\/p>\n<p>The accused has also admitted to conspiring with two other cybersecurity professionals \u2014 Ryan Goldberg and Kevin Martin \u2014 to directly deploy BlackCat-type ransomware against multiple victims in the North American country between April and November 2023. The three leveraged their technical knowledge to execute the attacks.<\/p>\n<p>In one of the incidents, the trio managed to extort approximately $1.2 million in bitcoin from a victim. Subsequently, the involved parties divided the profits and laundered the funds through various mechanisms.<\/p>\n<p>The Department of Justice has highlighted how the accused \u201cbetrayed his clients and began launching ransomware attacks himself, aiding cybercriminals and harming victims, his own employer, and the industry.\u201d<\/p>\n<p>For his part, the deputy director of the FBI\u2019s cyber division, Brett Leatherman, has emphasized that the case demonstrates that the ransomware phenomenon is not only transnational but also domestic.<\/p>\n<p>So far, authorities have seized approximately $10 million in assets linked to Martino, including cryptocurrencies, vehicles, a food truck, and a luxury fishing boat acquired with crime proceeds.<\/p>\n<p>The DOJ has confirmed that Martino has pleaded guilty to one count of conspiracy to interfere with commerce by extortion, a federal offense that can carry up to 20 years in prison.<\/p>\n<p>His two accomplices have also done the same and await sentencing, with similar maximum penalties.<\/p>\n<p>\t\t\t\t\t\t\t\t\t\t\t\tThe United States Department of Justice (DoJ) has made public the case of Angelo Martino, a 41-year-old former ransomware negotiator based in Florida, who has pleaded guilty to conspiring with the cybercriminal group ALPHV\/BlackCat while working for extorted victim companies.<\/p>\n<p>The case, described by authorities as a \u201cbetrayal from within\u201d the incident response ecosystem, reveals how the accused not only leaked confidential information to the attackers but also actively participated in ransomware campaigns against U.S. organizations.<\/p>\n<p>Martino worked at a cyber incident response company as a ransomware negotiator, meaning he was the professional responsible for mediating between victims and threat actors to reduce ransom amounts and manage the crisis.<\/p>\n<p>However, since April 2023, he began collaborating with the operators of BlackCat\/ALPHV, one of the most active ransomware groups on the global scene.<\/p>\n<p>The DOJ details that while negotiating on behalf of at least five victims, Martino transmitted confidential information to the attackers without the knowledge or authorization of his clients or employer. Among the leaked data were the limits of affected companies\u2019 cyber insurance policies and internal negotiation strategies.<\/p>\n<p>According to the agency\u2019s press release, this information \u201chelped ransomware actors and maximized the ransoms that victims were forced to pay.\u201d<\/p>\n<p>In return, Martino received direct payments from cybercriminals for providing these sensitive data.<\/p>\n<p>Not only an accomplice, but also an &#8216;affiliate&#8217;<\/p>\n<p>The accused has also admitted to conspiring with two other cybersecurity professionals \u2014 Ryan Goldberg and Kevin Martin \u2014 to directly deploy BlackCat-type ransomware against multiple victims in the North American country between April and November 2023. The three leveraged their technical knowledge to execute the attacks.<\/p>\n<p>In one of the incidents, the trio managed to extort approximately $1.2 million in bitcoin from a victim. Subsequently, the involved parties divided the profits and laundered the funds through various mechanisms.<\/p>\n<p>The Department of Justice has highlighted how the accused \u201cbetrayed his clients and began launching ransomware attacks himself, aiding cybercriminals and harming victims, his own employer, and the industry.\u201d<\/p>\n<p>For his part, the deputy director of the FBI\u2019s cyber division, Brett Leatherman, has emphasized that the case demonstrates that the ransomware phenomenon is not only transnational but also domestic.<\/p>\n<p>So far, authorities have seized approximately $10 million in assets linked to Martino, including cryptocurrencies, vehicles, a food truck, and a luxury fishing boat acquired with crime proceeds.<\/p>\n<p>The DOJ has confirmed that Martino has pleaded guilty to one count of conspiracy to interfere with commerce by extortion, a federal offense that can carry up to 20 years in prison.<\/p>\n<p>His two accomplices have also done the same and await sentencing, with similar maximum penalties.<\/p>\n<p>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tBecome a premium member for free!<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The turncoat: how a ransomware negotiator joined the enemy https:\/\/www.escudodigital.com\/en\/cybersecurity\/the-turncoat-how-a-ransomware-negotiator-joined-the-enemy.html Publish Date: 2026-04-24 01:15:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":205360,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/d3fkdmlbzjtjd3.cloudfront.net\/articulos\/articulos-74818.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-205359","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/205359"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=205359"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/205359\/revisions"}],"predecessor-version":[{"id":205361,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/205359\/revisions\/205361"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/205360"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=205359"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=205359"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=205359"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}