Angelo Martino colluded with ransomware crews, scammed victims of $75M+, gets 70 months
A “ransom negotiator” used access to steal from victims. Here is how regulators see it, and what boards should learn.

Angelo Martino, described as a ransomware negotiator, colluded with attackers to scam ransomware victims out of over $75 million, officials said. His sentence of 70 months in prison signals regulators are treating negotiation as part of the crime, not a separate service.
Angelo Martino, a man who presented himself as a “ransom negotiator,” was sentenced to 70 months in prison after officials said he colluded with attackers and helped scam ransomware victims out of over $75 million. In other words, the person positioned to “mediate” between criminals and victims allegedly became another link in the extortion chain.
That $75 million figure matters because it reframes what executives and boards often think they are buying when they hire outside help after an incident. Ransom negotiation is usually discussed as damage control, a way to reduce pressure, buy time, and potentially limit operational harm. But according to officials, Martino did not just advise on payment logistics. He participated in a scheme that extracted money from victims, meaning the negotiation process itself could be weaponized.
To understand why this case lands with extra force, look at the incentives around a ransomware event. Victims are often under extreme urgency. Systems are locked, networks are noisy, and the internal clock starts ticking on both business continuity and reputational risk. In that environment, decision-makers reach for anything that seems to reduce downtime or prevent data exposure. External intermediaries can appear like a path to control.
But intermediaries also have leverage. They can touch sensitive communications, influence timelines, and act as a channel between criminals and victim teams. When a negotiator has access, they can also become a single point of failure. If officials are correct, Martino used that access not to protect victims but to participate in scamming them. That turns a perceived “response service” into an additional fraud layer.
Regulators and prosecutors generally focus on intent and conduct. Here, officials said Martino colluded with attackers. Collusion is not a nuance. It implies coordination and shared purpose, not independent freelancing. That framing is important for corporate leaders because it suggests authorities are not willing to treat ransom-related facilitation as a gray area, especially when intermediaries cross the line from assistance into participation.
The second-order implication is board-level governance. After ransomware, companies often scramble: engage incident response firms, contact insurers, communicate with law enforcement, and sometimes engage legal counsel and outside negotiators. This case is a reminder that vendor risk does not pause during an incident. If a company brings in a negotiator or broker, the board and executives still need to understand who that person is, what they are doing, and what authorities might characterize their role as.
In practical terms, that means internal controls should cover crisis procurement. Even under pressure, companies can require basic due diligence and written scope. Executives can ask: what authority does the intermediary have, how is money handled, what communications are permitted, and how is decision-making documented? The goal is not to slow response. It is to avoid outsourcing your vulnerability to someone whose incentives are misaligned with yours.
There is also a culture and process point. Ransomware has become a business model for criminals: they market themselves, structure their demands, and rely on victims' fear. If negotiators can be co-opted, the criminal model gets stronger, because it adds a new revenue stream on top of ransom itself. The outcome is a higher cost to recover, higher deterrence pressure on future victims, and a longer tail of legal and operational disruption.
For peers in adjacent roles, this case is a governance stress test. Security executives, CFOs, general counsels, and board risk committees should treat “negotiation support” as an activity that requires scrutiny, not just trust. A 70-month sentence tied to allegations of collusion and more than $75 million in victim losses is a loud message: authorities view these actions as criminal, and they expect companies to distinguish between legitimate response assistance and exploitation. If you run a company, you are not just planning for ransomware. You are planning for the aftermath of human decisions made in panic, and for the vendors you bring into the room when time is short.
This story's Key Insights and Take-aways are locked.
Create a free account to unlock Executive Actions for one credit.
Register to UnlockAlways free for Executives Club members. Join the Club
More in Technology

Meta spends $50B on AI data centers. Wall Street cheers, but overbuild alarms ring
The money is real. The question is whether it outpaces demand, and what that means for rivals’ capital plans.

OnePlus may exit the US and Europe, ending months of brand-rumor chaos
If WinFuture’s report proves true, OnePlus and Oppo are preparing a US and Europe leaving announcement soon.

Apple turns revamped Siri into the iPhone backbone, available in iOS 27 public beta
The new Siri is no longer “just” a voice assistant, it's getting baked into daily iPhone workflows now.

