Your company gets hit with ransomware. You find a firm that specializes in exactly this: they’ll negotiate, handle the crypto payment, get your keys, get you back online.

You hire them. You pay. The files come back. Crisis over.

What you don’t know is that the person who helped you was the same person who locked your files. He collected fees from both ends of the transaction.

That’s the Angelo Martino case.

The Setup

DigitalMint is a Chicago-based company that helped ransomware victims navigate payments – converting dollars to crypto, managing blockchain transactions, and negotiating with threat actors. It’s a real service. When your plant is down and a ransomware gang is demanding $2 million in Bitcoin, you want someone who’s done this before.

Martino worked at DigitalMint. Federal prosecutors allege he also orchestrated the attacks that brought victims to the firm’s door.

The mechanics: he helped plan or execute ransomware attacks. When victims sought help recovering, they ended up at DigitalMint. Money came in from both directions. Victims were promised their data wouldn’t be published if they paid – a promise that came from the same operation that stole it.

Total ransoms brokered through the scheme: approximately $75 million. And federal charges also name Marc Grens, a co-founder of DigitalMint. This isn’t a rogue-employee story. That changes things.

The Conflict of Interest That Was Already There

Here’s the part worth sitting with. Ransomware negotiation firms are paid more when there’s more ransomware. Their business model depends on incidents. That’s not an accusation – it’s just math. You don’t need to be crooked to benefit from other people’s crises.

Most ransomware negotiators are legitimate and do real work. But the Martino case is the extreme version of an incentive structure that’s always been unusual: you hire someone whose revenue depends on incidents occurring to advise you on whether to pay the criminals behind the incident.

What to Look For When Hiring These Firms

This isn’t an argument against ever hiring a ransomware negotiation firm. It’s an argument for doing due diligence before you’re in crisis, when you have time to think.

Check who’s running the firm. Understand their pricing model – percentage-of-ransom incentives push toward higher payments. Ask whether they ever push back on ransom demands or recommend alternatives. Get references you can actually verify. And ask whether they’ll coordinate with law enforcement rather than avoid it.

The ransomware payment ecosystem grew fast, with minimal oversight, in response to a crime wave nobody was ready for. Most firms in that space are legitimate. “Most” isn’t the same as “all,” and nothing in the ecosystem sorts one from the other for you – the vetting is on you.
