Insider Threat Exposed in BlackCat Ransomware Cyber Conspiracy

A United States cybersecurity professional has pleaded guilty to participating in a ransomware conspiracy, in a case that underscores the growing threat of insider risk within the cyber incident response ecosystem. The Department of Justice confirmed that Angelo Martino, a former ransomware negotiator, conspired with BlackCat ALPHV operators to both facilitate and execute attacks against U.S. organisations in 2023.

According to court filings, Martino exploited his position at a cyber incident response firm to leak highly sensitive client intelligence directly to ransomware actors. This included insurance policy limits and internal negotiation strategies, information that materially strengthened the attackers’ leverage and increased ransom demands. The case highlights a critical vulnerability in the ransomware response model, where trusted intermediaries can become points of compromise.

Martino also admitted to actively participating in ransomware deployment alongside co-conspirators, demonstrating a shift from passive facilitation to direct criminal involvement. The group successfully extorted approximately $1.2 million in Bitcoin from at least one victim, with proceeds subsequently laundered. U.S. authorities have seized more than $10 million in assets linked to Martino, signalling an aggressive asset recovery approach in cybercrime enforcement.

The involvement of multiple cybersecurity professionals in the conspiracy raises broader concerns about governance, oversight and ethical controls within the incident response sector. Firms operating in ransomware negotiation and remediation now face heightened scrutiny around employee vetting, access controls and segregation of duties. This case may prompt regulators and industry bodies to revisit standards for third party cyber response providers.

From an enforcement perspective, the case reflects continued U.S. prioritisation of ransomware disruption. It follows earlier action against BlackCat infrastructure in December 2023, where the Federal Bureau of Investigation developed decryption tools and prevented an estimated $99 million in ransom payments. Authorities are increasingly targeting not only threat actors but also facilitators embedded within legitimate organisations.

Martino faces a maximum sentence of 20 years in prison, with sentencing scheduled for 9 July 2026. The case serves as a clear warning that insider-enabled cybercrime will be pursued with the same intensity as external attacks, particularly where professional trust has been abused for financial gain.

Read the press release here.