Ex-DigitalMint negotiator gets 70 months for BlackCat scheme
Angelo Martino, ex-DigitalMint IR employee, sentenced to 70 months for feeding BlackCat victims' insurance limits and negotiation floors. An old failure mode.
Angelo Martino, an incident-response employee at ransom-negotiation firm DigitalMint, was sentenced Friday to 70 months in prison for spending roughly two years feeding the BlackCat crew what any negotiator on the other side of the table would pay dearly to know. Between April 2023 and April 2025, according to the plea, Martino passed his co-conspirators the confidential victim information his own employer had been retained to protect — insurance policy limits, negotiation floors, the shape of what a client was actually willing to pay — and BlackCat priced its demands accordingly. He pled to conspiracy to obstruct commerce by extortion.
The BleepingComputer writeup rounds the sentence to “four years” in the headline; the number to remember is 70 months. That’s the sentence Martino himself received. His co-defendants Kevin Tyler Martin (28) and Ryan Clifford Goldberg (33) each received 48 months when they were sentenced in May 2026 on the same scheme.
What was actually stolen
DigitalMint’s product is the fact that its people know what a victim is genuinely prepared to pay, and the crew across the table does not. That informational asymmetry is the entire basis of a ransom negotiation, and it has a name in every other bargaining context — reservation price, BATNA, the walk-away number. Everything the negotiator does is downstream of holding that number close.
Martino handed it to BlackCat. According to the government’s filings, at least five U.S. organizations were struck through the scheme, including school districts, medical facilities, law firms, and financial-services companies. Two of the numbers are public: a financial-services firm paid roughly $25.66 million; a nonprofit paid roughly $26.79 million. Neither of those figures is what the victim thought it was talking BlackCat down from. Both are, essentially, the top of the range DigitalMint had internally acknowledged the client could stretch to — sold, in advance, to the operator making the demand.
DigitalMint CEO Jonathan Solomon’s statement, per BleepingComputer, condemned the conduct and confirmed the firm “immediately terminated” the employees on discovery. The firm’s own reputation is not the story here; there is no reporting yet suggesting the practice extended past the individuals charged, and there is a long distance between a bad hire and an institutional problem.
The failure mode is older than ransomware
The private mediation role — where one party is trusted by both sides to hold hidden information across the negotiation, without which the negotiation cannot happen — is not new. Bail bondsmen, workers’ compensation claim negotiators, medical debt intermediaries, arbitration counsel, real-estate escrow agents: any role built on holding one side’s floor confidential from the other side is a role in which the person holding the floor can, and periodically does, sell it. The forensic pattern is always the same. An outcome slightly too favorable to the counterparty, on too many deals in a row, until an audit or a defector or a wiretap surfaces the reason.
Ransomware negotiation is that role again, wearing 2020s clothes. The two facts a competent operator most wants — the victim’s insurance policy limit and its stated walk-away — happen to be the same two facts the incident-response firm has to write down in an engagement note in order to do the work at all. There is no version of the job in which those facts are not sitting on someone’s laptop. And the crews across the table already have the entire modern extortion apparatus pointed at the industry’s small pool of experienced negotiators, some of whom are, statistically, going to be corruptible.
Nothing about that is surprising. The industry has known it for years, and the internal-controls story at any credible firm is built around it: access logging on engagement files, mandatory two-person review on final settlement recommendations, hard walls between the negotiator and any personal-crypto exposure, restricted movement of settlement guidance out of a firm-controlled channel. Where those controls exist and are enforced, this scheme does not run for two years without tripping. Where they don’t, it does. Same mistake, different decade.
Why it lands this week
The reason the sentence reads as more than a curiosity is that the ransom-negotiation industry is currently the object of two structural pressures pushing in opposite directions. On one side, OFAC’s evolving guidance and a growing set of state-level restrictions on public-sector ransom payments have made the negotiation role more legally exposed than it was even in 2023, which raises the professional bar and thins the pool of firms willing to touch the work. On the other, the sheer volume of extortion cases, and the willingness of insurers to keep writing coverage for them, has expanded the throughput any given firm has to handle to stay solvent. Thin pool, high throughput, high-value information, and an adversary who has been reading the same trade press we have.
That is the environment in which Martino’s scheme was priced. It is also the environment the next one will be priced in.
Worth holding alongside the Talos essay from the same week arguing that defenders should retire the “attackers only need to be right once” cliché. The defender in a ransom engagement has never needed to be right 100% of the time. The negotiator does need to be honest 100% of the time, and treating this scheme as a case study of what to instrument for — rather than filing it as an aberration — is how that stays the norm.
Sourcing
- BleepingComputer: Former ransomware negotiator gets 4 years for BlackCat attacks — 2026-07-10 (headline rounds; sentence is 70 months)
- Related: Kairos Took $1M — and Never Encrypted a File — 2026-07-04
- Related: Talos on ‘attackers only need to be right once’ — 2026-07-10
Found this useful? Share it.


