Federal prosecutors have charged a 41-year-old South Florida man with orchestrating a sophisticated ransomware scheme that netted $75.25 million while he worked as a negotiator for cybersecurity firm DigitalMint.
Angelo John Martino III allegedly conducted at least 10 ransomware attacks, with five victims unknowingly hiring DigitalMint to negotiate on their behalf—placing Martino in the extraordinary position of negotiating with himself, according to federal court records unsealed Wednesday.
The scheme involved Martino obtaining an affiliate account with the ALPHV ransomware group, also known as BlackCat, and conspiring with other former cybersecurity professionals to infiltrate victims' networks during a six-month period in 2023.
%20(1)%20(1).webp)
Prosecutors allege that Martino leveraged his position to provide confidential negotiation information to his ALPHV co-conspirators, maximizing ransom payments from victims who believed he was working on their behalf.
The five U.S.-based victims who unwittingly hired Martino through DigitalMint included organizations across multiple sectors—a nonprofit and companies in hospitality, financial services, retail, and medical industries. All five victims paid ransoms to resolve their attacks.
Martino was previously identified as an unnamed co-conspirator in a November indictment against Kevin Tyler Martin, another former DigitalMint negotiator, and Ryan Clifford Goldberg, a former incident response manager at Sygnia. Both men pleaded guilty in December and face sentencing on April 30.
DigitalMint moved swiftly once federal authorities made contact, suspending Martino's system access on April 3 when the Justice Department notified them of the investigation and terminating his employment the following day.
"We strongly condemn these former employees' criminal behavior, which violated our values, ethical standards and the law," said DigitalMint CEO Jonathan Solomon in a statement.
"DigitalMint has fully cooperated with law enforcement from the outset and does not expect further charges," Solomon added. "While no organization can completely eliminate insider risk, we take incidents like this extremely seriously and have strengthened safeguards and internal controls to further reduce the likelihood of similar conduct."
The company, which faces no criminal charges, stated it was unaware of Martino and Martin's alleged criminal activities prior to hiring them. DigitalMint declined to address whether clients received refunds, citing confidentiality obligations.
"We are not able to discuss specific client relationships or fee arrangements due to confidentiality obligations," a company spokesperson said. "We remain committed to our clients and have addressed any commercial matters directly with those parties."
The case highlights significant vulnerabilities in the ransomware negotiation industry, where backchannel communications often operate without oversight or scrutiny.
Federal authorities seized substantial assets from Martino, including nearly $9.2 million in cryptocurrency across five different digital currencies held in 21 wallets. Physical assets confiscated include luxury vehicles—a 1999 Nissan Skyline, 2024 Polaris RZR, and 2023 trailer—plus a 29-foot boat and two properties in Nokomis, Florida.
Martino faces charges of conspiracy to interfere with commerce by extortion, carrying a potential 20-year prison sentence. He is scheduled to enter a plea on March 19, with bond set at $500,000.
The case represents one of the most extreme examples of insider threats within the cybersecurity industry, where trusted professionals exploited their positions to perpetrate the very crimes they were hired to resolve.