Angelo Martino is accused of playing both sides – committing attacks and conducting ransomware negotiations on some of the same cases on behalf of his former employer.

A 41-year-old South Florida man has been charged in connection with a series of ransomware attacks that allegedly generated more than $75 million in extorted payments, highlighting growing insider risks within the cybersecurity and healthcare threat landscape. The case underscores how cybercriminal tactics are evolving, particularly in sectors like healthcare, financial services, and medical data systems where sensitive patient information is at stake.

Federal prosecutors allege that Angelo John Martino III conducted at least 10 ransomware attacks while simultaneously working as a ransomware negotiator for DigitalMint, a firm hired by organizations to manage cyber extortion incidents. In a highly unusual scenario, Martino allegedly operated on both sides of the attacks—participating in the breaches while also negotiating ransom payments on behalf of affected clients.

According to court records, Martino leveraged access to confidential negotiation data to assist the ALPHV/BlackCat ransomware group, one of the most notorious cybercrime organizations targeting healthcare systems and critical infrastructure. By obtaining an affiliate account with the group, he allegedly collaborated with other former cybersecurity professionals to infiltrate networks, steal sensitive data, and encrypt systems across multiple industries, including healthcare and medical services.

The attacks impacted five U.S.-based organizations – including a nonprofit and companies in healthcare, retail, hospitality, and financial services – all of which paid ransom demands. Prosecutors claim Martino used insider knowledge to maximize ransom payouts, demonstrating how trusted cybersecurity roles can be exploited to facilitate cybercrime.

The ALPHV/BlackCat ransomware group has been linked to numerous high-profile healthcare breaches, including the 2024 attack on Change Healthcare that compromised data from approximately 190 million individuals. Such incidents continue to emphasize the urgent need for advanced cybersecurity frameworks, especially as healthcare organizations increasingly adopt AI in healthcare and digital patient data systems.

DigitalMint confirmed that Martino’s access to company systems was suspended immediately after federal authorities notified the firm of the investigation, and his employment was terminated the following day. CEO Jonathan Solomon stated that the company had no prior knowledge of the alleged criminal activity and has since strengthened internal safeguards to mitigate insider threats.

Law enforcement officials have seized approximately $9.2 million in cryptocurrency assets linked to Martino, along with luxury vehicles, properties, and other high-value items. He now faces charges of conspiracy to commit extortion, which carry a maximum penalty of up to 20 years in prison. Martino has been released on a $500,000 bond and is restricted from working in the cybersecurity industry.

This case highlights a rare but critical vulnerability within cybersecurity operations: insider risk within ransomware negotiation processes. As organizations across healthcare and other sectors continue investing in AI-driven security systems, threat detection, and data protection strategies, ensuring transparency, oversight, and ethical accountability within cybersecurity roles remains essential.

With ransomware attacks increasingly targeting healthcare systems and patient data, this incident serves as a reminder that safeguarding medical infrastructure requires not only advanced technology but also robust governance and trust in those tasked with defending it.

Recommended Cyber News :

To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com