---

title: "Ransomware Negotiator Pleads Guilty: Harsh Lessons for Incident Response and Defenses" meta-description: "Ransomware negotiator pleads guilty — here’s what every DevSecOps team must fix now: AD hardening, backup air-gapping, and incident response drills that don’t start with who to call to pay off the crooks. Author: Tony D. (CISA, CISSP, GIAC)." publish-date: 2024-06-25 last-updated: 2024-06-25 reading-time: 7 min author: name: Tony DeSantis title: Principal Incident Responder, SecureForge experience: "15+ years handling ransomware and AD compromise (finance, energy, SaaS); led IR for 30+ ransomware incidents since 2017. Speaker at BSides SF and SANS Summits. Credentials: GIAC GCFA, CISSP, AWS Security, CISM. See my LinkedIn." disclosure: "SecureForge offers incident response retainers and tabletop exercises. Opinions my own." schema-type: Article keywords: ["ransomware negotiator guilty plea", "incident response checklist", "ransomware prevention AD segmentation", "backup air-gap"]

---

Ransomware Negotiator Pleads Guilty. Here’s What DevSecOps Teams Should Actually Fix.

---

News Flash: The Middlemen Are Now Targets

Angelo “Ang” Martino, an infamous ransomware negotiator, pleaded guilty on June 20, 2024, to laundering payments between U.S. victims and the BlackCat/ALPHV gang—sometimes