
The ‘groundbreaking’ case of the cyber experts who allegedly broke bad and worked with criminals

Athima Tongloom/Moment RF/Getty Images via CNN Newsource
Ransomware attacks

By Sean Lyngaas, CNN

(CNN) — US companies in the retail, hospitality and medical sectors trusted Angelo Martino to negotiate with hackers who were trying to extort them. Instead, he made the extortion worse, federal prosecutors allege.

Martino allegedly accumulated at least $10 million in assets, including a luxury fishing boat and two properties, as he worked as a ransomware negotiator — one of the most sensitive jobs in cybersecurity.

He also gave a major cybercriminal gang information about his clients’ negotiating positions in order to “maximize” the ransom payments and then take his own cut of them, according to federal prosecutors.

The case is “groundbreaking” because it raises tough questions for the cybersecurity industry about who is being paid to protect ransomware victims, a senior Justice Department official who oversaw the case told CNN. It is also causing a reckoning among security firms that have to deal with the seedy underworld of ransom negotiations.

Ransomware attacks, which lock a computer so the attacker can demand payment, have cost the US economy billions of dollars and shut down critical services. The threat has spawned a lucrative industry of cybersecurity providers who negotiate ransom payments or help law enforcement track down the hackers. Many of those hired are professionals. Some aren’t.

“In working on ransomware for many years, we were … hearing rumors [of misconduct], and I wasn’t shocked that we ended up with a case with these types of charged facts,” the Justice Department official said in an interview.

The Justice Department has examined at least one other, unrelated instance of alleged fraud in the cybersecurity industry and could bring charges in the coming months, the official said.

“What I think is out there is what I would call more the explicit fraud scenario, where the so-called incident response firm is really not adding any value at all and just defrauding the victim,” the Justice Department official said.

With Martino’s help, the cybercriminal gang was able to secure ransom payments of $25 million or more from a nonprofit and a financial services firm, according to court documents. Martino and two other cybersecurity experts charged in the case, Kevin Tyler Martin and Ryan Clifford Goldberg, are accused of deploying ransomware on victim computers — the very activity they’re trained to stop. After extorting one victim for $1.2 million, the three men split the Bitcoin payment three ways, according to the Justice Department.

Martino allegedly succumbed to a temptation that many ransomware negotiators have faced.

“Ransomware threat actors have a long and well documented history of attempting to build direct relationships with negotiation firms,” said Magnus Jelen, an executive at incident response firm Coveware, which is owned by Veeam Software. “In some cases, they have even developed mechanisms designed to allow unethical intermediaries to profit from ransom payments without full visibility for victims.”

Martino pleaded guilty to a felony charge, the Justice Department announced this week. Martin and Goldberg have also pleaded guilty in the case. Their alleged crimes took place in 2023.

Attorneys for Martin and Goldberg declined to comment. An attorney for Martino did not respond to requests for comment.

Martin and Martino worked for DigitalMint, an Illinois-based firm that helps victims recover from ransomware attacks and in some cases pays ransoms, according to its website. DigitalMint says it immediately fired the men after learning of the Justice Department’s allegations.

“As the government explicitly stated in writing and in court, and Martino admitted in a sworn statement, DigitalMint had no knowledge of Martino’s criminal actions,” a DigitalMint spokesperson told CNN this week.

“The actions of Martino and his co-conspirators, unknown to the company, were in clear violation of the company’s values, ethical standards, and the law,” the spokesperson said.

The FBI, the Justice Department and cybersecurity executives, many of whom are ex-law enforcement, have long relied on each other to crack ransomware cases. They feed each other intelligence, compare notes and help take down computer infrastructure used by the hackers.

In 2019, amid a spate of ransomware attacks, the FBI convened some of the nation’s leading private experts at a closed-door summit for fresh ideas on how to deal with the threat.

Seven years later, in the wake of the case involving Martino, Martin and Goldberg, US officials are considering holding “roundtables” or other events to discuss how cybersecurity firms can prevent insider threats, the Justice Department official told CNN.

Some firms in the business have already updated their security practices. Connecticut-based Coveware says it no longer charges any processing fee for clients that choose to pay ransoms.

“Advice on ransom payments must be completely objective and free from incentive bias,” said Jelen, the Coveware executive.

“When these incentive structures operate out of sight, it is the victims who bear the consequences,” he said. “Organizations end up paying ransoms that might otherwise have been avoided, further fueling the cyber extortion economy and reinforcing a cycle that puts more businesses at risk.”

The-CNN-Wire
™ & © 2026 Cable News Network, Inc., a Warner Bros. Discovery Company. All rights reserved.
