The ‘groundbreaking’ case of the cyber experts who allegedly broke bad and worked with criminals
2026-04-22 05:00 AM ET / CNN
By Sean Lyngaas
US companies in the retail, hospitality and medical sectors trusted Angelo Martino to negotiate with hackers who were trying to extort them. Instead, he made the extortion worse, federal prosecutors allege.
Martino allegedly accumulated at least $10 million in assets, including a luxury fishing boat and two properties, as he worked as a ransomware negotiator — one of the most sensitive jobs in cybersecurity.
He also gave a major cybercriminal gang information about his clients’ negotiating positions in order to “maximize” the ransom payments and then take his own cut of them, according to federal prosecutors.
The case is “groundbreaking” because it raises tough questions for the cybersecurity industry about who is being paid to protect ransomware victims, a senior Justice Department official who oversaw the case told CNN. It is also causing a reckoning among security firms that have to deal with the seedy underworld of ransom negotiations.
Ransomware attacks, which lock a computer so the attacker can demand payment, have cost the US economy billions of dollars and shut down critical services. The threat has spawned a lucrative industry of cybersecurity providers who negotiate ransom payments or help law enforcement track down the hackers. Many of those hired are professionals. Some aren’t.
“In working on ransomware for many years, we were … hearing rumors [of misconduct], and I wasn’t shocked that we ended up with a case with these types of charged facts,” the Justice Department official said in an interview.
The Justice Department has also looked into at least one other, unrelated instance of alleged fraud in the cybersecurity industry and could bring charges in the coming months, the official said.
“What I think is out there is what I would call more the explicit fraud scenario, where the so-called incident response firm is really not adding any value at all and just defrauding the victim,” the Justice Department official said.
With Martino’s help, the cybercriminal gang was able to secure ransom payments of $25 million or more from a nonprofit and a financial services firm, according to court documents. Martino and two other cybersecurity experts charged in the case, Kevin Tyler Martin and Ryan Clifford Goldberg, are accused of deploying ransomware on victim computers — the very activity they’re trained to stop. After extorting one victim for $1.2 million, the three men split the Bitcoin payment three ways, according to the Justice Department.
Martino allegedly succumbed to a temptation that many ransomware negotiators have faced.
“Ransomware threat actors have a long and well documented history of attempting to build direct relationships with negotiation firms,” said Magnus Jelen, an executive at incident response firm Coveware, which is owned by Veeam Software. “In some cases, they have even developed mechanisms designed to allow unethical intermediaries to profit from ransom payments without full visibility for victims.”
Martino pleaded guilty to a felony charge, the Justice Department announced this week. Martin and Goldberg have also pleaded guilty in the case. Their alleged crimes took place in 2023.
Attorneys for Martin and Goldberg declined to comment. An attorney for Martino did not respond to requests for comment.
Martin and Martino worked for DigitalMint, an Illinois-based firm that helps victims recover from ransomware attacks and in some cases pays ransoms, according to its website. DigitalMint says it immediately fired the men after learning of the Justice Department’s allegations.
“As the government explicitly stated in writing and in court, and Martino admitted in a sworn statement, DigitalMint had no knowledge of Martino’s criminal actions,” a DigitalMint spokesperson told CNN this week.
“The actions of Martino and his co-conspirators, unknown to the company, were in clear violation of the company’s values, ethical standards, and the law,” the spokesperson said.
The FBI and Justice Department and cybersecurity executives, many of whom are ex-law enforcement, have long relied on each other to crack ransomware cases. They feed each other intelligence, compare notes and help take down computer infrastructure used by the hackers.
In 2019, amid a spate of ransomware attacks, the FBI convened some of the nation’s leading private experts at a closed-door summit for fresh ideas on how to deal with the threat.
Seven years later, in the wake of the case involving Martino, Martin and Goldberg, US officials are considering holding “roundtables” or other events to discuss how cybersecurity firms can prevent insider threats, the Justice Department official told CNN.
Some firms in the business have already updated their security practices. Connecticut-based Coveware says it no longer charges any processing fee for clients that choose to pay ransoms.
“Advice on ransom payments must be completely objective and free from incentive bias,” said Jelen, the Coveware executive.
“When these incentive structures operate out of sight, it is the victims who bear the consequences,” he said. “Organizations end up paying ransoms that might otherwise have been avoided, further fueling the cyber extortion economy and reinforcing a cycle that puts more businesses at risk.”