The US Department of Justice has charged Angelo John Martino III with allegedly helping conduct ransomware attacks while also negotiating payments for the victims. Prosecutors say Martino, a former ransomware negotiator at the cybersecurity firm DigitalMint, secretly collaborated with the ALPHV/BlackCat ransomware group to extort about $75.25 million from at least ten organizations.

According to the indictment, Martino allegedly obtained an affiliate account with the BlackCat operation and worked with other cybersecurity professionals to breach corporate networks, steal data, and deploy ransomware.

Authorities say he then exploited his position at DigitalMint by participating in the response process when victims sought help, sometimes being assigned to negotiate ransom payments on behalf of companies that had been attacked. In several cases, prosecutors say, this meant Martino was effectively negotiating with himself.

Martino had previously been identified as “Co-Conspirator 1” in an October 2025 indictment involving two other cybersecurity professionals, Kevin Tyler Martin and Ryan Clifford Goldberg, who both pleaded guilty in December 2025 for their roles in the scheme.

Authorities say Martino surrendered to US Marshals on March 10, 2026. He now faces one count of conspiracy to interfere with interstate commerce by extortion.

International police operation dismantles SocksEscort proxy network

An international law enforcement operation has disrupted SocksEscort, a proxy network that infected thousands of home and small-business routers with malware and sold access to cybercriminals.

Authorities say the service had been operating since 2020, offering access to roughly 369,000 IP addresses worldwide. By February 2026, around 8,000 infected routers were still active. The network allowed criminals to hide their real locations while carrying out illegal activities such as fraud, ransomware attacks, and distributed denial-of-service (DDoS) attacks.

During the operation, authorities seized 34 domains and 23 servers located in seven countries. In addition, the United States froze approximately $3.5 million in cryptocurrency believed to be connected to the criminal operation.

A separate Interpol-led cybercrime crackdown called ‘Operation Synergia III,’ shut down more than 45,000 malicious IP addresses and servers. The operation resulted in 94 arrests, with another 110 suspects still under investigation. Authorities uncovered large phishing networks in Macau, China, including over 33,000 fake websites posing as casinos, banks, government services, and payment platforms to steal victims’ money and personal data. In Togo, police arrested 10 suspects running scams such as hacked social media impersonation, romance fraud, and sextortion, while in Bangladesh, authorities detained 40 people and seized 134 electronic devices linked to cybercrimes, including loan scams, job fraud, identity theft, and credit card fraud.

A convicted scammer faces charges for running a new phishing op from prison

A scammer already serving time for fraud is facing new charges after prosecutors accused him of running another sophisticated phishing scam targeting professional athletes from prison.

Kwamaine Jerell Ford, 34, allegedly posed as a well-known adult film star on social media to lure high-profile victims, including NBA and NFL players. According to the US Department of Justice, Ford tricked victims into sharing their iCloud login credentials and multifactor authentication (MFA) codes, giving him access to sensitive personal and financial data. Authorities say Ford carried out parts of the scheme from federal prison, where he was serving a sentence for a similar scam that began in 2015. After his release on probation in January 2022, he allegedly continued the operation through September 2024.

Prosecutors claim Ford conducted more than 2,000 unauthorized transactions using stolen debit and credit card information. The total financial losses and number of victims have not been disclosed. The scheme reportedly involved sending fake messages that appeared to come from Apple customer support. Victims were told they needed to enter MFA codes to access shared content, which instead allowed Ford to break into their accounts.

In addition to fraud charges, Ford is accused of exploiting an OnlyFans model by falsely promising career opportunities. Prosecutors say he coerced the individual into recording explicit content involving athletes and took a share of the profits. Ford has pleaded not guilty to 22 charges, including wire fraud, identity theft, and access device fraud. He remains in custody without bail as he awaits trial.

Ukrainian police dismantle call center fraud network targeting EU citizens

Ukrainian law enforcement agencies have uncovered and dismantled a network of fraudulent call centers that targeted citizens of European Union countries, particularly Latvia, as part of an international cyber operation codenamed “Scammer.”

The operation was conducted by cyber police and investigators from the National Police of Ukraine, under the procedural guidance of the Prosecutor General’s Office, in cooperation with Latvia’s cybercrime authorities. Authorities identified members of an organized group involved in gaining unauthorized access to victims’ online banking accounts and transferring funds to controlled accounts.

The group operated a network of call centers that used social engineering tactics to deceive foreign citizens. Callers posed as Latvian police officers or bank employees, convincing victims to disclose sensitive banking information under the pretext of security checks. Once they obtained access, the suspects carried out unauthorized transactions and transferred money to accounts held by so-called “money mules.” The funds were later withdrawn in cash and distributed among members of the criminal group.

Two Ukrainian nationals are believed to have managed the mule accounts. While in Latvia, they recruited individuals to open bank accounts across Europe and hand over control of their cards in exchange for small payments. Ukrainian and Latvian law enforcement officers conducted searches at the suspects’ residences, seizing mobile phones and computer equipment that may contain evidence of illegal activity.

So far, more than 20 Latvian citizens have been identified as victims, suffering losses totaling over €300,000 (approximately 15 million hryvnias). The suspects have been formally charged with money laundering under Part 3 of Article 195 of the Criminal Law of the Republic of Latvia.

Get a Demo

ImmuniWeb can help you to prevent data breaches and meet regulatory requirements.

Met police seize major Dark Web marketplace in cybercrime crackdown

The Metropolitan Police Service has shut down the major online marketplace AEGIS Marketplace used for illegal drug sales. The website allowed individual sellers to advertise and distribute drugs, with transactions conducted through cryptocurrency to maintain anonymity.

Police estimated that the site hosted around 30 active sellers and had facilitated approximately 10,000 drug transactions in just ten months. Authorities believe the operation generated nearly £2 million in annual revenue.

Police officers were able to gain access to the platform’s infrastructure and retrieve server data that allowed them to identify the platform’s administrators, vendors, and customers. The Met report doesn’t mention whether any arrests have been made in connection to the case.

In the meantime, a 30-year-old man from Michigan, the US, was sentenced to 5 years in prison for wire fraud and identity theft. He bought thousands of stolen login details from the Genesis Market Dark Web site and used them to make fraudulent transactions and resell some data. The marketplace, which sold stolen personal information from victims worldwide, was shut down by the FBI in April 2023.