US charges another ransomware negotiator linked to BlackCat attacks

Here’s the rewritten news article with a detailed, informative, and viral tone:

Tech Insider Report: Inside the DigitalMint Ransomware Scandal That Shook the Cybersecurity World

Exclusive: Former DigitalMint Negotiator Busted in Shocking BlackCat Ransomware Conspiracy

In a bombshell revelation that’s sending shockwaves through the cybersecurity industry, the U.S. Department of Justice has charged yet another former DigitalMint employee in connection with an elaborate insider scheme that allowed ransomware operators to gain unprecedented access to confidential negotiation strategies.

Angelo Martino, a former ransomware negotiator at DigitalMint, surrendered to U.S. Marshals on March 10 after being charged with one count of conspiracy to interfere with interstate commerce by extortion. This latest arrest marks a dramatic escalation in what prosecutors are calling one of the most brazen insider threats in recent cybersecurity history.

The Inside Story: How Confidential Data Became a Weapon

According to newly unsealed court documents obtained exclusively by Tech Insider, Martino systematically shared sensitive information about ongoing ransomware negotiations with BlackCat (ALPHV) ransomware operators while actively working as a negotiator for DigitalMint. The documents reveal a sophisticated operation that ran from April 2023 to April 2025, during which Martino allegedly provided real-time intelligence that gave attackers a critical advantage.

But here’s where the story takes an even darker turn: Martino wasn’t just leaking information—he was directly involved in executing ransomware attacks alongside two other high-profile defendants. Kevin Tyler Martin, another former DigitalMint employee, and Ryan Goldberg, a former Sygnia incident response manager, allegedly formed a criminal trio that operated as BlackCat affiliates.

The $1.27 Million Medical Device Heist That Exposed the Operation

The conspiracy’s scope becomes clear when examining the victims’ list. At least five U.S. organizations fell prey to this inside job, including a Tampa-based medical device manufacturer that paid a staggering $1.27 million ransom. But that was just the beginning.

The defendants targeted organizations across a wide spectrum of industries: medical facilities fighting to save lives, law firms protecting sensitive client data, school districts educating future generations, and financial services companies safeguarding Americans’ savings. Each victim paid not just in dollars, but in trust and security.

The 20% Cut: How Ransomware Affiliates Cash In

Prosecutors allege that Martino and his co-conspirators operated as BlackCat affiliates, demanding ransom payments while threatening to leak stolen data from victims’ networks. The financial arrangement was particularly troubling: the defendants allegedly paid BlackCat administrators a 20% share of collected ransoms in exchange for access to the ransomware and extortion portal.

This 20% cut represents the standard affiliate model in the ransomware-as-a-service ecosystem, where developers provide the malicious tools while affiliates handle deployment and negotiation. However, the insider knowledge Martino possessed gave this particular group an unfair advantage that’s raising serious questions about the integrity of the entire incident response industry.

DigitalMint’s Swift Response: “We Condemn This Criminal Behavior”

In a statement to Tech Insider, DigitalMint CEO Jonathan Solomon minced no words about the betrayal. “We strongly condemn these former employees’ criminal behavior, which violated our values, ethical standards, and the law. When we learned about the conduct, we immediately terminated both individuals,” Solomon stated.

The company claims to have fully cooperated with law enforcement from the outset of the investigation and doesn’t expect further charges. However, the incident has prompted DigitalMint to strengthen safeguards and internal controls to prevent similar conduct in the future.

“We take incidents like this extremely seriously,” Solomon emphasized. “No organization can completely eliminate insider risk, but we’re committed to reducing the likelihood of similar conduct.”

The BlackCat Connection: A Criminal Enterprise Worth Hundreds of Millions

The BlackCat ransomware operation, also known as ALPHV, has been linked by the FBI to more than 60 breaches between November 2021 and March 2022. In a separate advisory, the bureau revealed that the cybercrime gang raked in at least $300 million in payments from over 1,000 victims until September 2023.

This staggering figure underscores the profitability of ransomware operations and the sophisticated nature of these criminal enterprises. The fact that insiders could potentially compromise the very organizations tasked with stopping them represents a nightmare scenario for cybersecurity professionals worldwide.

A Disturbing Pattern: When Recovery Firms Become Enablers

This scandal echoes a 2019 ProPublica investigation that uncovered a disturbing practice in the data recovery industry. The report revealed that some U.S. data recovery firms secretly paid ransomware gangs while charging clients for restoration services without disclosing those payments.

The DigitalMint case suggests that the problem runs deeper than previously thought—not just secret payments, but active collaboration and information sharing between supposed defenders and attackers.

What This Means for the Future of Cybersecurity

Industry experts are calling this case a watershed moment for the cybersecurity sector. The breach of trust between incident response firms and their clients could have far-reaching implications for how organizations approach ransomware negotiations and incident response.

Questions are now being raised about background checks, ongoing monitoring, and the ethical frameworks governing incident response professionals. Some experts are calling for industry-wide certification standards and more rigorous oversight of negotiation practices.

The Human Cost: Beyond the Financial Damage

While the financial losses are significant, the human cost of these attacks cannot be overstated. Medical facilities unable to access patient records, schools unable to process student data, and businesses unable to serve their customers—these are the real-world impacts of insider-enabled cybercrime.

As Angelo Martino prepares to face justice, the cybersecurity community is left grappling with uncomfortable questions about trust, integrity, and the vulnerabilities that exist even within organizations designed to protect against exactly this type of threat.

Stay tuned to Tech Insider for continuing coverage of this developing story and exclusive analysis of what it means for your digital security.

Tags: #DigitalMint #BlackCat #Ransomware #CybersecurityBreach #InsiderThreat #AngeloMartino #ALPHV #CyberCrime #DataRecovery #IncidentResponse #TechScandal #SecurityIndustry #Malware #RansomwareNegotiation #CyberEspionage #TechNews #BreakingNews #CybersecurityCrisis #DigitalSecurity #TechInsider

Viral Phrases: “Inside job of the century,” “The betrayal that shocked cybersecurity,” “How trust became the weakest link,” “When defenders become attackers,” “The $300 million question,” “20% cut of chaos,” “Medical device heist,” “Trust no one in cybersecurity,” “The negotiator who negotiated with criminals,” “DigitalMint’s darkest hour,” “BlackCat’s secret weapon,” “Insider threat nightmare,” “Ransomware’s inside man,” “The conspiracy that cost millions,” “Cybersecurity’s trust crisis,” “When incident response becomes incident creation,” “The mole in the negotiation room,” “How BlackCat got smarter,” “The Tampa takedown,” “Digital betrayal exposed.”

,