Industry - Data Breach
Executive Summary
A former ransomware negotiator was sentenced to 70 months in prison for colluding with BlackCat ransomware affiliates while working for DigitalMint, sharing confidential client information including insurance limits to maximize ransom payments totaling $75.3 million from five U.S. companies between April and September 2023. The betrayal meant victims unknowingly negotiated with the very person supposed to help them, with individual ransoms reaching nearly $27 million. Two co-conspirators who ...
What Happened
Angelo John Martino III, a ransomware negotiator employed by DigitalMint, was sentenced to 70 months in prison for colluding with BlackCat ransomware affiliates between April and September 2023. While representing five victim companies during ransom negotiations, Martino secretly shared confidential client information - including negotiating positions and insurance policy limits - with the attackers to maximize payments. The five victims paid a combined $75.3 million in ransoms, with individual payments reaching nearly $27 million, while unknowingly negotiating with the very person hired to protect their interests.
Who Is Affected
Five U.S. organizations that hired DigitalMint for ransomware negotiation services were directly affected, including a nonprofit, a financial services company, a hospitality company, and a medical company. These victims paid substantially inflated ransoms because their confidential business information, insurance coverage details, and negotiating strategies were disclosed to attackers. Any organization that used DigitalMint's negotiation services during Martino's employment (2022-2025) should review whether their confidential information was similarly compromised.
Why It Matters
This case represents an extraordinary breach of trust in the incident response industry, where organizations experiencing cyberattacks depend on negotiators to protect their interests during their most vulnerable moments. The betrayal demonstrates that even specialized cybersecurity service providers can harbor insider threats who exploit privileged access to confidential business information. The scale of the theft - $75.3 million extracted through coordinated deception - sets a troubling precedent showing how insider access to victim insurance limits and negotiating positions can be weaponized to inflate ransom demands far beyond what attackers might otherwise obtain.
What You Should Do
Organizations that used DigitalMint or similar ransomware negotiation services between 2022 and 2025 should immediately review what confidential information was shared with negotiators and assess whether payment amounts may have been artificially inflated. Companies should implement dual-negotiator requirements or independent oversight when engaging incident response firms to prevent a single individual from controlling sensitive negotiations. Before hiring ransomware negotiation services, verify that the firm conducts background checks, maintains segregation of duties, and has monitoring systems to detect employees communicating with threat actors through unauthorized channels.
Summary generated from verified sources and reviewed before publication. How we summarize.