Federal cases reveal ransomware negotiators acting as double agents who leaked insurance limits to inflate ransoms and collect kickbacks from attackers.
Mid-negotiation, a trusted incident-response lead tells a CISO the ransomware group will not drop below $8 million. Offline, the same lead messages the attackers: the insurer will clear $10 million—hold firm. Days later the board authorizes the higher figure. Bitcoin moves. A cut disappears into intermediate wallets. Months later federal agents unseal the private chat logs. This reconstruction, drawn from court records in the Angelo Martino prosecution, captures how a subset of ransomware negotiators have operated as double agents—feeding victims’ insurance limits and strategy to extortion groups while collecting from both sides.
Federal sentencing records now establish that some intermediaries hired to help enterprises under ransomware pressure leaked confidential positions, inflated demands, took kickbacks, and in some cases became ransomware affiliates themselves. The practice strikes at the core of crisis response and leaves boards, insurers, and counsel with an urgent model of third-party compromise.
Mechanics of Collusion
Collusion thrives on privileged access and invisible channels. A negotiator sits inside the victim’s crisis cell. The organization discloses policy limits, walk-away prices, and board appetite so the firm can negotiate effectively. That intelligence then travels through a separate chat—often Tor-based or under an alternate handle—that the employer and client never see.
Dual messaging is straightforward. The negotiator tells the client an offer of X is on the table while privately informing the gang the victim will pay X plus millions. Payment rails amplify the opportunity: when the firm controls the crypto wallet or on-ramp, kickbacks can be routed through secondary addresses without immediate detection. Some individuals escalated further, obtaining ransomware-as-a-service affiliate access and deploying the same malware against additional targets. Crisis trust, time pressure, and the absence of dual-control wallets or mandatory unredacted transcripts leave a single rogue with enough room to operate for months.
Documented Cases and Red Flags
The flagship case is Angelo Martino, a former ransomware negotiator at DigitalMint. Beginning in April 2023 he was paid by BlackCat/ALPHV actors to supply confidential negotiating positions and insurance limits for five clients spanning hospitality, nonprofit, financial services, retail, and medical sectors. Those organizations paid ransoms totaling more than $75 million, with individual payments ranging from roughly $213,000 to nearly $26.8 million. In one negotiation he told his employer he was sending one offer while secretly advising the attackers the client would pay $2 million more; the inflated amount was paid.
Martino later became a BlackCat affiliate. With co-conspirators Kevin Martin (also of DigitalMint) and Ryan Goldberg (an incident-response manager at Sygnia), the trio deployed ransomware against additional U.S. victims. One medical-device firm paid approximately $1.2 million in bitcoin, which the three split and laundered. On July 9, 2026, Martino received a 70-month prison sentence. Martin and Goldberg were each sentenced to 48 months on April 30, 2026. Authorities seized roughly $10 million in assets from Martino, including cryptocurrency, vehicles, a food truck, and a luxury fishing boat. A restitution hearing is scheduled for September 2026. DigitalMint and Sygnia stated the employees acted outside the scope of employment, terminated them after DOJ notification, and cooperated with investigators. Neither firm was charged as an entity.
Historical precedent stretches further. ProPublica’s 2019 investigation showed that certain “decryptor” firms marketed proprietary recovery technology yet secretly paid ransoms—sometimes without clear client disclosure—and charged large markups. Payments traced to SamSam actors later linked to Iranian entities raised sanctions and moral-hazard questions. Opacity plus fee structures that scaled with payment volume created durable incentives.
Red-flag indicators for defenders include ransom demands that jump sharply after the negotiator is briefed on insurance limits; resistance to full, unredacted chat transcripts or exclusive control of payment wallets; threat-actor recommendations of a specific negotiation firm; payment addresses previously linked to the same firm or individual across unrelated incidents; unexplained lifestyle jumps among staff; and pressure for rapid payment with limited independent legal or forensic challenge.
Quantified Harm
The Martino cluster alone produced more than $75 million in client ransoms while intelligence was being leaked, plus a documented $2 million inflation in a single negotiation and a $1.2 million affiliate hit on a medical-device company. Ten million dollars in assets were seized from one actor. Operational harm compounds the financial hit: negotiation gamed toward payment rather than restore-or-rebuild can extend downtime, and healthcare data leaks amplify human and regulatory cost. Reputational damage is acute—the language of ultimate betrayal of trust now attaches to any third-party negotiation. Industry-wide ransom medians provide market context but must not be read as proof of kickback uplift; double-extortion economics and insurance availability remain primary drivers. The proven cases nevertheless show that insider collusion can move individual claims by millions.
Regulatory Shortfalls
Criminal law has proven capable of response. Prosecutors used conspiracy to interfere with interstate commerce by extortion, computer-fraud statutes, and money-laundering charges successfully against Martino, Martin, and Goldberg. Sanctions rules prohibit payments to designated wallets or groups. CIRCIA imposes phased cyber-incident and ransom-payment reporting for critical infrastructure, and FBI and CISA guidance continues to discourage payment while acknowledging operational realities. Yet the professional layer remains almost entirely unlicensed. No U.S. federal or industry-wide regime requires ransomware negotiators or payment processors to meet fitness standards, carry bonds, or face revocation after collusion. Contracts typically contain SOWs and NDAs; dual-control payment language, audit rights over chat logs and wallets, and collusion clawbacks remain rare. Fee models are often opaque and can scale with volume, creating shared interest in larger payouts. Industry best practices—flat per-incident fees, refusal of threat-actor referrals—exist but are voluntary. Fiduciary-like duty is assumed, not audited.
Practical Safeguards and Reforms
Enterprises can act immediately. Prefer fixed or flat per-incident fees over percentage or complexity fees that rise with ransom size. Escalate or refuse any firm referred by the threat actor. Conduct background reviews of named individuals and prior affiliations. Require written sanctions-screening processes and a named compliance officer. Contract language should mandate delivery of full, unredacted chat logs to client counsel on demand and at close; dual control of payment wallets so the client or independent escrow co-signs every transfer; explicit prohibition of any compensation from threat actors; audit rights for an independent blockchain-forensics firm; clawback and indemnity for insurance-limit leakage or undisclosed attacker relationships; named personnel only with notice of staff changes; and a documented law-enforcement notification path.
Technical controls include client-side logging of negotiator access to insurance documents and financials; independent blockchain analytics on every proposed payment address before funds move; parallel second-opinion firms for large policies; sharing of insurance bands rather than exact limits until necessary; and post-incident comparison of initial demand versus final payment against peer benchmarks.
Policy levers that would restore transparency include licensing or registration of ransomware negotiators and IR payment processors; mandatory disclosure of fee models and attacker-referral policies; insurer-mandated multi-signature or escrow rails for covered ransoms; mandatory transcript and wallet-trail delivery to the insurer and, where applicable, CISA; whistle-blower safe harbors for insider collusion tips; and insurance-panel enforcement of a no-threat-actor-referral code. Restitution proceedings already under way in the Martino matter will test civil recovery pathways for inflated amounts.
Closing: Standardized Transparency Is Now Board Risk
The Martino sentences, set against the 2019 ProPublica findings, prove that double-agent behavior is not theoretical. It is a documented subset of a larger, still lightly regulated market. Structural incentives—opaque fees, single-point wallet control, crisis trust, and zero licensing—create exploitable gaps even when most firms and practitioners act in good faith. CISOs, IR leads, underwriters, and counsel now possess a clear risk model: one compromised insider with a side channel can move multi-million-dollar outcomes. Fixed-fee models, dual-control payments, mandatory transcripts, and independent forensics close the most immediate doors. Licensing, disclosure mandates, and escrow requirements would close the rest. Until those frameworks exist, every ransomware playbook that outsources negotiation without them remains incomplete.