Former Employee of Cybersecurity Companies Charged in ALPHV (BlackCat) Ransomware Extortion Case

Written by: Lore Apostol, Cybersecurity Writer

Key Takeaways
  • DOJ Indictment: A former incident response employee faces charges for allegedly colluding with the notorious BlackCat ransomware syndicate.
  • Insider Scheme: The suspect reportedly shared confidential negotiation data to carry out attacks, highlighting severe insider cybersecurity threats within the industry.
  • Massive Impact: The group targeted multiple U.S. organizations with ransomware extortion, extracting over $1 million from a single medical device manufacturer.

The U.S. Department of Justice has unsealed charges, including conspiracy to commit extortion, against Angelo Martino, a former employee of a prominent incident response firm, for his alleged role in a sophisticated cybercrime operation. Between April 2023 and April 2025, he reportedly operated as a direct affiliate of the BlackCat ransomware (ALPHV) network.

Extortion Campaign

Instead of mitigating cyber incidents, Martino and two accomplices (Ryan Clifford Goldberg, a former DigitalMint employee from Georgia, and Kevin Tyler Martin, a former Sygnia incident response manager from Texas) allegedly exploited their trusted positions to demand ransom payments.

They reportedly threatened to leak sensitive corporate data of at least 10 U.S. victims and paid a 20% cut directly to the core BlackCat administrators, court documents allege.

In one notable instance of ransomware extortion, the syndicate successfully extracted a ransom worth approximately $1,274,000 in virtual currency at the time of payment from a Tampa-based medical device manufacturer.

Mitigating Insider Vulnerabilities

This unprecedented case exposes critical vulnerabilities within the incident response ecosystem itself. It underscores the growing severity of cybersecurity insider threats, in which highly trained professionals leverage privileged access to carry out cyberattacks.

In August 2024, the discovery of several fundamental security flaws in the web infrastructure used by ransomware gangs such as Everest, BlackCat, and Mallox saved six companies from paying potentially hefty ransom demands.

