Ransomware negotiator sentenced to six years for colluding with the attackers he was hired to fight

A former ransomware negotiator has been sentenced to 70 months in federal prison after admitting he colluded with the BlackCat ransomware group to extort the very victims who had hired him to represent them.

The sentence, handed down on Thursday, concludes a case that cybersecurity professionals describe as an unprecedented breach of trust in an industry built on handling organizations’ most sensitive moments, when their data is encrypted and attackers are demanding payment.

According to court documents, the negotiator leveraged his position to gather intelligence about victims’ financial positions, insurance coverage, and willingness to pay. He then fed that information to BlackCat operatives, who used it to set ransom demands calibrated to extract the maximum possible payment. In effect, he was working both sides of the negotiation table.

“His conduct sets a dangerous precedent that threatens to undermine the trust companies place in cybersecurity professionals when they are at their most vulnerable,” Ars Technica reported.

The case has sent ripples through the ransomware response industry, where third-party negotiators are routinely brought in to handle communication with attackers. Companies in the midst of a ransomware attack share detailed financial and operational information with their negotiator, precisely the kind of data that becomes dangerous in the wrong hands.

BlackCat, also known as ALPHV, was one of the most prolific ransomware operations of the early 2020s before a series of law enforcement actions disrupted its infrastructure. The group operated a ransomware-as-a-service model, recruiting affiliates to carry out attacks in exchange for a cut of ransom payments.

The 70-month sentence, the maximum available under the plea agreement, was intended, the judge said, to send a message that “selling out the very victims he was hired to represent” carries severe consequences.

Sources: Ransomware negotiator helped attackers extort his own clients, gets 6-year sentence (Ars Technica, Jul 10, 2026)

Scroll to Top