-
A ransomware negotiator from Florida assisted the criminals he was hired to oppose by going behind his clients’ backs and providing them with confidential information regarding his clients.
-
This man and two other cybersecurity experts pulled off a ransomware gig that earned them $1.2 million in bitcoin from just one victim.
-
About $10 million worth of his assets, including a food truck, one luxury fishing boat, and some virtual currency, are now in the hands of the FBI.
Angelo Martino, aged 41, from Land O’Lakes, Florida, who was paid to negotiate with ransomware attackers, instead teamed up with the attackers to rip off victims.
He recently admitted to being part of a plot that went on from April to November of last year.
The Ultimate Insider Betrayal
Martino worked at a US cyber incident response company as someone who negotiates with ransomware crews on behalf of victims. However, Martino went behind his clients’ backs and teamed up with the BlackCat ransomware crew. This variant is also known as ALPHV.
For five different victims, Martino did the unthinkable. He gave the attackers confidential details about his own clients. This included insurance policy limits. It also included internal negotiation positions and strategies.
This info helped the criminals demand higher ransoms. Criminals often obtain initial access to companies through stolen identities purchased on the dark web, as seen in a separate fraud scheme where fraudsters used compromised personal information to rent cars and commit financial crimes, highlighting how the dark web fuels both the initial breach and the subsequent extortion.
The BlackCat actors compensated Martino for those secrets. He did all this without his employer knowing. The victims had no clue either.
Three Cybersecurity Pros Turned Crooks
Martino did not stop at just selling secrets. He also admitted to conspiring with two other men. They are Ryan Goldberg from Georgia and Kevin Martin from Texas. All three worked in the cybersecurity industry, and their skills worked to their advantage in committing the crimes.
Together, they successfully targeted many US victims in several BlackCat ransomware campaigns around April and November of 2023. One of the attacks brought in up to $1.2 million in ransom paid by a single victim.
The three men split that ransom three ways. Then they laundered the money through various methods. Goldberg and Martin pleaded guilty to the same charge in December last year.
The FBI Comes Knocking
Law enforcement has already seized $10 million in assets from Martino. That includes digital currency. It also includes vehicles, a food truck, and a luxury fishing boat. Martino bought all of these with crime proceeds.
“His clients trusted him to respond to ransomware threats,” said Assistant Attorney General A. Tysen Duva. “Instead, he betrayed them & began launching the ransomware attacks himself.”
U.S. Attorney Jason A. Reding Quiñones for the Southern District of Florida put it bluntly. “Ransomware victims turned to this defendant for help, and he sold them out from the inside.”
The FBI’s Assistant Director Brett Leatherman added this. “The FBI works every day to dismantle the ransomware ecosystem.” He said that includes catching key facilitators like Martino.
Martino admitted to one count of conspiracy. Prosecutors say he tried to block or disrupt businesses through extortion. A judge will hand down his punishment on July 9, and could slap him with up to 20 years behind bars.
Also, Goldberg and Martin’s sentencing comes up on April 30. They could each face up to 20 years, too. A federal district court judge will be the one to decide their final sentences. The judge will consider the U.S. Sentencing Guidelines and other things when making that decision.
A Bigger Crackdown on BlackCat
This case follows earlier Justice Department actions to disrupt BlackCat ransomware in late 2023. The FBI even rolled out a decryption tool. FBI field offices across the country used it. Law enforcement partners around the world also helped.
This tool offered hundreds of victims a way to restore their systems. It saved victims approximately $99 million in ransom payments. The FBI also confiscated several websites that the BlackCat actors ran.
The Miami, Florida field office of the FBI conducted this investigation, with help from the United States Secret Service. The two trial attorneys prosecuting the case are Jorge Gonzalez and Christen Gallagher of the Computer Crime and Intellectual Property Section of the U.S. Department of Justice (DOJ), which is prosecuting the case.
Assistant U.S. Attorneys Quinshawna Landon and Thomas Haggerty are also on the case. Assistant U.S. Attorney Mitchell Hyman is in charge of asset forfeiture.
If you are a ransomware victim, do not attempt to negotiate with the criminals on your own; call your local FBI field office for help. You can also file a report at ic3.gov. If you have information about ALPHV or BlackCat, you may qualify for a reward through the State Department’s programs.
