🔴 The ransomware negotiator who was working for the other side… 😱

This is the kind of story that makes you question everything.

Angelo Martino, a 41-year-old ransomware negotiator employed by incident response firm DigitalMint, pleaded guilty this week to conspiring with the BlackCat ransomware gang.

While he was supposedly negotiating on behalf of five victim companies, he was secretly feeding the attackers their clients’ insurance policy limits and internal negotiation strategies, allowing BlackCat to maximise their ransom demands. Help Net Security

It gets worse. Martino also admitted to actually deploying BlackCat ransomware himself alongside two colleagues. Between them, they extorted multiple US companies, with one victim paying $1.2 million in Bitcoin that the three then split and laundered. The Hacker News

The DOJ has seized $10 million in assets from Martino including a luxury fishing boat, two properties, and a food truck. Sentencing is set for July.

🟡 Microsoft's April patch broke domain controllers (but they've just fixed it)

If any of your clients’ servers have been looping on restart this week, here’s why.

Microsoft’s April 2026 Patch Tuesday update caused some Windows Server domain controllers to enter repeated reboot loops, due to LSASS crashes during startup.

In affected environments, authentication and directory services stopped functioning entirely, potentially rendering the domain unavailable. Bleeping Computer

The emergency fix is now out. Microsoft has released out-of-band updates for Windows Server 2016 through 2025.

If you haven’t already applied them, the KB numbers to look for are

• KB5091157 for Server 2025

• KB5091575 for Server 2022

• KB5091571 for Server 23H2

• KB5091573 for Server 2019, and

• KB5091572 for Server 2016

Interestingly, this is the third consecutive year that Microsoft’s April security update has disrupted Windows Server domain controllers. Tom’s Hardware

Get one of your techs on this, this morning.

🟢 MSP owners given the most honest summary of AI yet

Channel Dive published a great piece this week from the Channel Partners Conference in Las Vegas, and one quote cuts through all the noise.

Expedient CEO Bryan Smith described what he’s calling the AI trilemma:

• 80% of companies need to redo their hardware and infrastructure before they can properly use AI

• 70% want to reduce their cloud spending

• And nearly 100% are rethinking which virtualisation platform they’re running

And all three of those decisions are tangled up together. You can’t make one without affecting the others. Channel Dive

That’s your clients in a nutshell. They want AI. But they also have aging servers, growing cloud bills, and IT foundations that weren’t built for any of this. They’re stuck.

Which is exactly where you come in. You saviour, you.

For MSPs who have positioned themselves in this space, the average AI service deal is taking just one to two months from initial conversation to close, driven by demand from the top down.

The MSPs winning those deals are the ones who walked in already knowing how to untangle the infrastructure mess underneath it.

Alrighty… that's your MSP Minute for Thursday. We’ll be back in your inbox tomorrow morning.