PersonUS

Kevin Martin

DigitalMint ransomware negotiator who pleaded guilty to using ALPHV/BlackCat against US victims, implicating the negotiation industry in insider abuse.

Last refreshed: 17 April 2026 · Appears in 1 active topic

Key Question

How did a ransomware negotiator end up helping attackers extort his own clients?

Timeline for Kevin Martin

#117 Apr

Pleaded guilty to conspiracy to obstruct commerce by extortion for deploying ALPHV/BlackCat ransomware against US victims between April and December 2023 while employed at DigitalMint

Cybersecurity: Threats and Defences: IR staff pleaded guilty to using ALPHV

View full timeline →

Follow Cybersecurity: Threats and Defences →

Common Questions

Who is Kevin Martin and what did he do?: Kevin Martin was a ransomware negotiator at DigitalMint who pleaded guilty to using ALPHV/BlackCat ransomware against US victims between April and December 2023, exploiting his negotiator access to victim organisations. Sentencing was scheduled for March 2026.Source: DOJ

Background

Kevin Martin, aged 36, was a ransomware negotiator at DigitalMint when he conspired with Ryan Goldberg (an incident-response professional at Sygnia) to use the ALPHV/BlackCat ransomware family against US victims between April and December 2023. Both pleaded guilty to conspiracy to obstruct commerce by extortion; sentencing was scheduled for 12 March 2026. Martin's role as a ransomware negotiator gave him access to victim organisations' financial posture, negotiation strategy and vulnerability, which the DOJ's case implies was exploited as part of the extortion scheme.

DigitalMint provides Cryptocurrency compliance and ransomware negotiation services. Ransomware negotiators occupy a sensitive position: they are retained by breach victims to manage communications with ransomware operators and advise on payment decisions. Access to victim negotiation posture is commercially sensitive and potentially exploitable by an insider with separate connections to ransomware operators.

The Martin and Goldberg prosecutions together cover both the IR and negotiation arms of the breach-response industry. For organisations engaging ransomware negotiators, the Martin case adds negotiator background screening and conflict-of-interest verification to the due-diligence checklist. The structural risk is that ransomware negotiators with dual relationships — legitimate clients and criminal-side connections — represent an insider-threat vector specific to the ransomware-response market.

How the World Sees Them

DOJ

The Martin prosecution extends the insider-abuse precedent from IR to ransomware negotiation; both arms of the breach-response industry are now in scope for DOJ enforcement.

Victim organisations

Ransomware negotiators with inside knowledge of victim financial posture and payment limits are a recognised insider-threat vector; due-diligence requirements now extend to negotiation firms as well as IR firms.

Ransomware negotiation industry

Martin's case is the first prosecution of a negotiator for working both sides of a ransomware attack; it creates immediate pressure on the industry to implement conflict-of-interest controls.