$25 million is the staggering sum that flowed from a nonprofit and a financial services firm into the pockets of cybercriminals, facilitated not by an oversight, but by an inside man. While companies in the retail, hospitality, and medical sectors sought out Angelo Martino to serve as their shield against digital extortion, federal prosecutors allege he was simultaneously acting as an architect of their financial ruin. By leaking his clients’ confidential negotiating positions to hackers, Martino allegedly turned the delicate process of incident response into a profit-maximizing engine for criminal syndicates.
The Cost of the "Inside Man"
Martino’s path from trusted consultant to criminal defendant reveals the profound vulnerability inherent in the cybersecurity supply chain. Over the course of his operations in 2023, Martino allegedly amassed at least $10 million in assets, a haul that included two properties and a luxury fishing boat. This capital was not derived from the standard fees of a professional negotiator; instead, it was the byproduct of a calculated betrayal. Alongside co-defendants Kevin Tyler Martin and Ryan Clifford Goldberg, Martino allegedly engaged in the very activity he was hired to prevent: the deployment of ransomware on victim networks.
The mechanics of this fraud were starkly transactional. In one instance, after extorting a victim for $1.2 million, the trio split the Bitcoin proceeds three ways. According to a senior Justice Department official, this case is considered "groundbreaking" precisely because it forces the cybersecurity industry to confront the reality that some of those paid to protect victims are actively incentivized to ensure they pay. For firms like DigitalMint, where Martino and Martin were employed, the revelation forced an immediate firing and a public distancing, with a company spokesperson noting that the firm had no knowledge of the criminal actions.
Market Incentives and the Transparency Gap
The shadow of this case extends far beyond the individual charges. Magnus Jelen, an executive at Coveware—which is owned by Veeam Software—points to a long-documented history of threat actors attempting to build direct, illicit relationships with negotiation firms. When these relationships flourish, the victim becomes a mere variable in an equation designed to maximize payouts. Jelen notes that some hackers have even developed mechanisms specifically to allow unethical intermediaries to profit from ransoms without the victim realizing their negotiator is working against them.
This lack of visibility has prompted a shift in how reputable firms structure their business models. Coveware, for example, has moved to eliminate processing fees for clients who choose to pay ransoms, aiming to ensure that advice on whether to pay remains objective and free from the bias of a commission. As the Justice Department official noted, the government is currently investigating at least one other instance of potential fraud within the industry, suggesting that the "explicit fraud scenario"—where a firm adds no value and exists only to extract capital from a compromised client—is a broader systemic risk.
What This Means for Your Wallet
For businesses, the takeaway is clear: the vetting of incident response partners is no longer a peripheral IT task; it is a critical component of fiscal risk management. The Justice Department is currently considering holding roundtables to address insider threats, a move that follows the 2019 FBI-led summit on ransomware. As federal scrutiny intensifies and more cases of "explicit fraud" likely come to light, the next developments in the Department of Justice’s ongoing investigations into cybersecurity firm practices will determine whether the industry can successfully self-regulate or whether a more rigid, government-mandated oversight framework is inevitable. Investors and executives should demand full transparency regarding how their negotiation firms are compensated, as any incentive structure tied to the size of a ransom payment now carries a significantly higher reputational and legal cost.







