Former Ransomware Negotiator Gets Nearly 6 Years In Prison For Aiding BlackCat/ALPHV Gang
July 16, 2026Read also: A Ryuk affiliate pleads guilty, police dismantle multimillion-dollar fraud operations, and more.

Ransomware negotiator sentenced to nearly six years in prison
A former ransomware negotiator has been sentenced to 70 months in prison for helping the BlackCat/ALPHV ransomware group extort victims.
Angelo Martino admitted to sharing confidential client information with BlackCat hackers while working at a US-based cyber incident response company. The stolen information helped the hackers demand higher ransom payments from victims.
Martino also worked with former cybersecurity professionals Kevin Martin and Ryan Goldberg to carry out more ransomware attacks between April and November 2023. The group successfully extorted one victim for about $1.2 million in Bitcoin before splitting and laundering the money.
Martino pleaded guilty in April to conspiracy to commit extortion. The same month, Martin and Goldberg were each sentenced to 48 months in prison.
Law enforcement has seized about $10 million in assets from Martino, including cryptocurrency, vehicles, a food truck, and a luxury fishing boat. A hearing to decide how much restitution Martino must pay is scheduled for September 17, 2026.
Armenian national pleads guilty in Ryuk ransomware extortion case
An Armenian national extradited from Ukraine to the United States has pleaded guilty to conspiracy and computer fraud for his role in a series of Ryuk ransomware attacks that targeted businesses and organizations across the US.
Karen Serobovich Vardanyan, 34, admitted to participating in a ransomware and extortion scheme between November 2019 and April 2020. Prosecutors said he and his co-conspirators illegally accessed victims' computer networks, deployed Ryuk ransomware to encrypt data, and demanded Bitcoin ransom payments in exchange for decryption keys.
According to court documents, the group targeted a Michigan company that paid 200 Bitcoin (worth more than $1.1 million at the time) to regain access to its network. Other victims included a technology company in Wilsonville, Oregon, and a Texas school. Authorities allege the conspiracy collected approximately 1,610 Bitcoin in ransom payments, valued at more than $15 million when received.
Vardanyan was indicted in February 2024 on charges of conspiracy, computer fraud, and extortion. Under his plea agreement, he has agreed to pay more than $1.1 million in restitution.
Vardanyan faces up to five years in prison for conspiracy and up to 10 years for computer fraud, along with potential fines and supervised release. He is scheduled to be sentenced on September 22, 2026.
Spain dismantles cybercrime network behind €140M fraud scheme
The Spanish National Police has dismantled an international cybercrime network accused of laundering around €140 million through online fraud schemes across Europe.
Four suspects were arrested in coordinated raids in Spain, Portugal, and Panama, with support from Europol and Interpol. The group allegedly carried out fake investment scams, CEO fraud, fake invoice schemes, and man-in-the-middle attacks.
Authorities said the organization created more than 800 bank accounts and 120 companies to launder stolen funds, using at least 67 foreign money mules. Police have traced more than €94 million in financial flows and linked the network to an additional €61 million stolen through CEO fraud in 2024.
Searches in Spain and Portugal led to the seizure of more than 170 smartphones and 15 computers allegedly used to process thousands of fraudulent transactions. Authorities also froze €3 million in suspected criminal proceeds for potential return to victims.
In an unrelated case, British authorities have charged five individuals linked to Russian Comms, a platform that provided tools used by criminals to scam victims worldwide.
The US charges three Russians over ransomware hosting services
US authorities have charged three Russian nationals accused of running ‘bulletproof hosting’ services that helped ransomware groups carry out cyber-attacks. Officials say the attacks caused more than $62 million in damages worldwide.
The Media Land and ML.Cloud services allegedly provided servers that made it harder for law enforcement to shut down criminal operations. The platforms were used for malware, phishing, and other illegal online activities, with servers located in the US, China, Finland, the Netherlands, and other countries.
Authorities named Aleksandr Volosovik as the owner of Media Land, Yulia Pankova as the owner of ML.Cloud, and Kirill Zatolokin as the person who handled customer payments.
Additionally, the US State Department has offered a reward of up to $10 million for information about the suspects, their cyber activities, or any links to foreign governments. At the same time, the EU has imposed sanctions on Media Land and ML.Cloud, as well as a number of people linked to Russian military intelligence and state-backed hacking units.
Separately, the US Treasury's Office of Foreign Assets Control (OFAC) has sanctioned VPN provider First VPN Service (1VPNS), its administrator Dmytro Rashevskyi, and Belarusian national Yegeniy Vladimirovich Silayev for supporting ransomware-related cyber-attacks. Officials say 1VPNS allowed cybercriminals to hide malicious activities by offering no-log VPN services and refusing to cooperate with law enforcement.
Dutch police dismantle a €100M crypto investment scam
Dutch police have dismantled a major international cryptocurrency investment scam that allegedly defrauded tens of thousands of people around the world. Authorities say the group had been operating since at least 2021 through around 24 call centers, with more than 700 workers pretending to be financial advisers.
Police arrested a 46-year-old man with Israeli and Polish citizenship, believed to be the main suspect, after he arrived in Poland from Dubai. Officials said the man was previously prosecuted for hacking and that a “well-known hacker” may have been involved.
The suspect has been extradited to the Netherlands and remains in custody while the investigation continues. Several other suspects were also arrested in Cyprus, Belgium, and Greece.
As part of the scheme, the scammers convinced victims to invest in fake cryptocurrency trading platforms. Victims saw false profits that encouraged them to invest more money, but in reality, the money was sent directly to the criminal group, often through cryptocurrency payments.
Dutch police estimate that victims in the Netherlands lost nearly €25 million, while the group is believed to have made more than €100 million each month from the scam.
Was kommt als Nächstes?
- Fordern Sie eine kostenlose Produktdemo oder Preisinformationen an.
- Registrieren Sie sich für unsere Webinare und Produktschulungen.
- Lesen Sie unseren wöchentlichen Blog „Cybercrime Investigations“
- Folgen Sie uns auf LinkedIn, X, Telegram und WhatsApp
- Abonnieren Sie unseren Newsletter
- Nehmen Sie an unserem Partnerprogramm teil.