Ransomware Negotiator Pleads Guilty for Facilitating BlackCat Attacks on U.S. Companies (2023)
What Happened — In April 2023, Angelo Martino, a professional ransomware negotiator, joined forces with the BlackCat ransomware operators and helped the gang extract larger ransom payments from five U.S. victims. He was arrested, charged, and has now entered a guilty plea.
Why It Matters for TPRM —
- Negotiators can amplify the financial impact of ransomware incidents, turning a breach into a costly extortion cycle.
- The involvement of a “third‑party” negotiator highlights the need to vet any external actors who may be engaged during incident response.
- Legal outcomes provide precedent for liability and potential civil exposure for organizations that rely on unvetted negotiators.
Who Is Affected — U.S. enterprises across multiple sectors that were targeted by BlackCat in 2023; any organization that might consider hiring external negotiators in the future.
Recommended Actions —
- Review contracts and policies governing the use of third‑party negotiators or incident‑response consultants.
- Ensure that any external party engaged during a ransomware event is vetted for security hygiene and legal compliance.
- Incorporate negotiator‑related risk into your ransomware response playbook and insurance assessments.
Technical Notes — The attacks leveraged BlackCat’s ransomware payload (a variant of ALPHV) delivered via compromised credentials and phishing. Martino’s role was purely negotiation, not technical exploitation, but his actions increased ransom demands and prolonged exposure.
Source: The Hacker News