Inside the Betrayal: How Trusted Cybersecurity Experts Became Ransomware Accomplices
A third American ransomware negotiator admits to aiding hackers, exposing a dangerous breach of trust within the cybersecurity industry.
When companies face digital extortion, they turn to cybersecurity professionals for rescue. But what happens when the very people hired to negotiate with hackers secretly join the ranks of the criminals? This unsettling question is no longer hypothetical. In a case shaking the foundations of the cybersecurity world, a third U.S. security expert has pleaded guilty to collaborating with the notorious BlackCat ransomware gang-while posing as a defender of victims.
The story first broke in late 2025, when federal authorities charged three men with orchestrating ransomware attacks from inside the very companies meant to protect victims. Two of the accused, Kevin Martin from Texas and Ryan Goldberg from Georgia, quickly pleaded guilty. But the identity of the third insider remained a mystery until March 2026, when Florida-based negotiator Angelo Martino was unmasked and admitted his role.
Martino’s betrayal is especially egregious given his position: he worked at an incident response firm, hired by companies desperate for help when their data was held hostage. According to the Justice Department, Martino secretly funneled sensitive information-gleaned during ransom negotiations-to the BlackCat cybercrime group. This intelligence allowed the hackers to demand higher payments, maximizing profits for the criminals and Martino himself, who received a cut of the illicit earnings.
BlackCat, also known as Alphv, is one of the most prolific ransomware gangs in recent years, responsible for attacks on over a thousand organizations across the globe. Their reign ran from late 2021 until a law enforcement crackdown in December 2023. Even after the operation was disrupted, BlackCat managed to collect a staggering $22 million ransom before vanishing with the money in a classic “exit scam.”
For the cybersecurity industry, the scandal is a wake-up call. Victims of ransomware are often forced to trust negotiators with their most sensitive information, believing these experts are working in their best interest. The Martino case reveals how this trust can be weaponized by insiders, turning defenders into facilitators of crime. The Department of Justice has seized $10 million in assets from Martino, but the true cost-measured in shattered trust, financial losses, and emboldened criminals-may be far greater.
As sentencing looms for Martino and his co-conspirators, the industry must grapple with a sobering reality: the line between hero and villain in the cyber underground is thinner than anyone imagined. For organizations under digital siege, verifying not just the skills, but the integrity of their protectors, has never been more critical.
WIKICROOK
- Ransomware: Ransomware is malicious software that encrypts or locks data, demanding payment from victims to restore access to their files or systems.
- Incident Response: Incident response is the structured process organizations use to detect, contain, and recover from cyberattacks or security breaches, minimizing damage and downtime.
- Negotiator: A negotiator is the person in a ransomware gang who contacts victims, manages ransom discussions, and arranges payment details during a cyberattack.
- Exit Scam: An exit scam is when operators of an illicit online service vanish suddenly, taking users’ money or data and leaving victims without recourse.
- Insider Threat: An insider threat is when someone within an organization misuses their access to systems or data, intentionally or accidentally causing harm.




