NBA News Global
Cybersecurity2d ago 2m chicago.suntimes.com

Chicago Cybersecurity Employee Accused of $75M Ransomware Scheme

Federal prosecutors allege Angelo Martino, a former DigitalMint employee, orchestrated ransomware attacks while simultaneously negotiating ransom payments for the victims. The scheme allegedly extracted over $75 million from businesses across multiple industries through coordinated cyberattacks.
Chicago Cybersecurity Employee Accused of $75M Ransomware Scheme

Key Takeaways

  • 1.The scheme targeted businesses across hospitality, retail, medical and financial services sectors, with two individual ransom payments exceeding $25 million each, according to court documents.
  • 2.The operation began in 2023 and involved what prosecutors describe as an "affiliate" arrangement with the developers of ALPHV BlackCat ransomware, who provided the crew access to their malicious software.
  • 3."Martino was terminated the next day," DigitalMint CEO Jonathan Solomon said in a statement, referring to when the Justice Department informed the company of the allegations in April 2025.

A Chicago cybersecurity professional faces federal charges for allegedly running a sophisticated double-cross operation that netted more than $75 million in ransomware payments.

Angelo Martino, 41, worked as a negotiator for Chicago-based cybersecurity firm DigitalMint while secretly orchestrating the very cyberattacks that created his clients' need for his services, federal prosecutors allege.

The scheme targeted businesses across hospitality, retail, medical and financial services sectors, with two individual ransom payments exceeding $25 million each, according to court documents.

Martino and his associates allegedly used ALPHV BlackCat ransomware to infiltrate victims' computer networks, then demanded payment in exchange for decryption keys and promises not to publish stolen data.

The operation began in 2023 and involved what prosecutors describe as an "affiliate" arrangement with the developers of ALPHV BlackCat ransomware, who provided the crew access to their malicious software.

Federal authorities have seized Martino's Florida properties, vehicles, and more than $9 million in cryptocurrency as part of the investigation.

"Martino was terminated the next day," DigitalMint CEO Jonathan Solomon said in a statement, referring to when the Justice Department informed the company of the allegations in April 2025. Solomon added that the company reviewed Martino's work and found "no" evidence of wrongdoing in his legitimate activities.

The case highlights a troubling trend in cybercrime, where insiders exploit their positions of trust to orchestrate attacks from within. Two additional defendants, identified as Martin and Goldberg, were also terminated from their respective positions at DigitalMint and cybersecurity firm Sygnia.

According to TRM Labs, which assists financial institutions and government agencies like the FBI in investigating cryptocurrency-related fraud, ransomware attacks increased significantly last year alongside the proliferation of various ransomware types.

The investigation remains ongoing as federal authorities work to dismantle what they describe as a complex criminal enterprise that exploited businesses' vulnerabilities while masquerading as their protector. The case underscores the critical importance of vetting cybersecurity professionals and implementing robust internal controls to prevent such insider threats.

ransomwareextortioncybercrimeBlackCatAngelo MartinoDigitalMintChicagofederal prosecution