Cybersecurity Insider Exposed as Ransomware Mastermind in $75M Extortion Scheme Federal prosecutors have unmasked a shocking cybersecurity betrayal: Angelo Martino, a 41-year-old employee of Chicago-based DigitalMint, allegedly orchestrated the very ransomware attacks he was hired to negotiate. Martino and two accomplices Kevin Tyler Martin (also of DigitalMint) and Ryan Clifford Goldberg (an incident response manager at Sygnia Cybersecurity) are accused of extorting over $75 million from at least four companies and a nonprofit between 2023 and 2025. The victims spanned hospitality, retail, medical, and financial services, with two ransoms exceeding $25 million each. Martino’s role as a ransom negotiator provided insider access, while Goldberg exploited network vulnerabilities and Kevin Martin executed the attacks, locking systems and exfiltrating data. The group used ALPHV BlackCat ransomware, a notorious strain linked to hundreds of global attacks, under an "affiliate" agreement that funneled a cut of profits back to its developers. Authorities seized Martino’s Florida properties, vehicles, and $9 million in cryptocurrency. A plea hearing is scheduled for June 13, while Goldberg and Kevin Martin who pleaded guilty in December face sentencing on April 30. All three have been terminated from their employers. DigitalMint’s CEO, Jonathan Solomon, confirmed the company was alerted by the Justice Department in April 2025 and fired Martino immediately. A review found no additional misconduct, and DigitalMint has since tightened internal controls. Meanwhile, cybersecurity firm TRM Labs reports a surge in ransomware attacks, attributing the rise to a growing pool of threat actors exploiting vulnerabilities for profit.

Digital Mint, a ransomware negotiation company, is facing allegations that a former employee colluded with ransomware criminals. The employee reportedly profited from extortion payments while negotiating ransomware demands. This incident has led to a criminal investigation by the US Department of Justice. The company has fired the employee and is cooperating with the investigation. There is no indication that Digital Mint was aware of the employee’s actions or supported them.

Russian Cybercriminal Sentenced for Role in $24M Ransomware Scheme A 26-year-old Russian national, Aleksei Olegovich Volkov, has been sentenced to 6.75 years in U.S. prison for his involvement in a series of ransomware attacks targeting American organizations. Volkov, arrested in Italy in January 2024 and extradited to the U.S., pleaded guilty in November 2025 to charges including computer fraud, identity theft, and money laundering. As an initial access broker, Volkov exploited vulnerabilities to gain unauthorized entry into corporate networks, selling this access to cybercriminal groups like the Yanluowang ransomware operation. His actions enabled attacks that caused over $9 million in confirmed losses and an estimated $24 million in intended damages. After ransomware was deployed, victims faced encrypted data and extortion demands often in the tens of millions with Volkov receiving a cut of the illicit profits. As part of his plea, Volkov agreed to pay $9.17 million in restitution to victims and forfeit tools used in the crimes. Third BlackCat Ransomware Negotiator Charged Separately, U.S. authorities charged 41-year-old Angelo Martino, a former negotiator for the BlackCat (ALPHV) ransomware gang, with facilitating extortion against at least 10 victims. Martino, previously employed by DigitalMint, allegedly helped secure higher ransom payouts. Authorities seized $9.2 million in cryptocurrency from his wallets, along with luxury assets. Two other BlackCat affiliates, Ryan Clifford Goldberg and Kevin Tyler Martin, pleaded guilty in December 2025. DigitalMint condemned their actions, stating the individuals violated company policies and ethical standards.

Former DigitalMint Employee Charged in BlackCat Ransomware Insider Scheme The U.S. Department of Justice has charged Angelo Martino, a former ransomware negotiator for cybersecurity firm DigitalMint, with conspiracy to interfere with interstate commerce by extortion. Martino surrendered to authorities on March 10 after being implicated in an insider scheme involving the BlackCat (ALPHV) ransomware operation. Court documents reveal that Martino, while employed at DigitalMint, shared confidential negotiation details with BlackCat operators between April 2023 and April 2025. He acted alongside two accomplices Kevin Tyler Martin (another ex-DigitalMint employee) and Ryan Goldberg (a former Sygnia incident response manager) who were previously charged in an October 2025 indictment. Both Martin and Goldberg have pleaded guilty and await sentencing in April. The defendants allegedly operated as BlackCat affiliates, extorting victims by threatening to leak stolen data. Prosecutors claim they paid BlackCat administrators a 20% cut of collected ransoms in exchange for access to the ransomware and extortion portal. At least five U.S. organizations were targeted, including a Tampa-based medical device manufacturer that paid a $1.27 million ransom. Other victims spanned healthcare, legal, education, and financial sectors. DigitalMint CEO Jonathan Solomon condemned the actions, stating the company terminated both Martino and Martin upon discovering their misconduct and fully cooperated with law enforcement. The company has since strengthened internal controls to mitigate insider risks. BlackCat has been a prolific ransomware threat, linked to over 60 breaches between November 2021 and March 2022 and amassing at least $300 million from 1,000+ victims by September 2023. The case follows earlier reports of data recovery firms secretly paying ransoms on behalf of clients while charging for restoration services.

Cybersecurity Insider Betrays Employer to Aid Ransomware Attacks, DOJ Reveals A former employee of Chicago-based cybersecurity firm DigitalMint has been exposed as a key conspirator in a ransomware scheme that targeted U.S. organizations between April and November 2023. According to the U.S. Department of Justice (DOJ), James Martino who was trusted to assist ransomware victims instead colluded with cybercriminals, sharing sensitive details such as insurance policy limits and negotiation strategies in exchange for a share of the profits. Martino worked alongside Ryan Goldberg (a Georgia resident employed by cybersecurity firm Sygnia) and Kevin Martin (a Texas resident and fellow DigitalMint employee) to deploy BlackCat ransomware against multiple victims. In one case, the group extorted $1.2 million in Bitcoin from a victim, splitting and laundering the proceeds through various channels. Authorities have since seized $10 million in assets linked to Martino, including digital currency, a food truck, and a luxury fishing boat. The DOJ emphasized that Martino’s actions not only harmed victims but also undermined the integrity of the cyber incident response industry. Goldberg and Kevin Martin were indicted in November 2025, with Martino initially identified as an unnamed co-conspirator. The case highlights the risks posed by insider threats within cybersecurity firms, where trusted personnel may exploit their access to facilitate criminal activity.