Justice Department Investigates Ex-DigitalMint Employee for Secret Ransom Deals

The US Justice Department has launched an investigation into a former employee of DigitalMint, a company that specializes in negotiating with hackers and facilitating cryptocurrency payments during ransomware attacks. The probe centers around allegations that the ex-employee struck secret deals with hackers to personally profit from the ransom money. According to DigitalMint President Marc Grens, the employee in question has been fired and is currently under investigation.

The investigation focuses on claims that the former employee made deals with hackers to personally benefit from ransom payments. This revelation highlights the potential for internal corruption within companies that negotiate with cybercriminals, raising concerns about the integrity of such operations. The Justice Department's probe underscores the need for stringent oversight and ethical standards within the industry to prevent such misconduct.

DigitalMint, based in Chicago, assists victims with ransomware negotiations and payments to hackers. The company has stated that it is not a target of the investigation and has been cooperating fully with law enforcement. Grens emphasized that once the allegations came to light, DigitalMint acted swiftly to protect its clients and communicated the facts to affected stakeholders. The company specializes in securely handling ransomware incidents and facilitating secure payments to hackers, with a client base that includes Fortune 500 companies. It is registered with the US Financial Crimes Enforcement Network.

The allegations against the former DigitalMint employee come at a time when ransomware attacks have become increasingly prevalent and sophisticated. These attacks often involve hackers encrypting a victim's data and demanding payment in cryptocurrency in exchange for the decryption key. The use of cryptocurrency in these transactions makes it difficult to trace the funds, making it an attractive option for cybercriminals.

According to a February report from cyber incident response firm Coveware, fewer companies are giving in to criminals’ demands. Only 25% of companies hit with extortion demands in the last quarter of 2024 paid the ransom, compared to 32% in the third quarter of 2024 and 36% in the previous quarter. This decline suggests that more organizations are improving their cybersecurity defenses, implementing better backup and recovery strategies, and refusing to fund cybercriminals. However, the drop could also be attributed to increased law enforcement efforts and stronger regulatory guidance discouraging ransom payments.

The investigation into the former DigitalMint employee serves as a reminder of the complexities involved in negotiating with hackers. While companies like DigitalMint play a crucial role in helping victims recover their data, the potential for internal corruption poses a significant risk. The Justice Department's probe is a step towards ensuring that such companies operate with transparency and integrity, protecting both their clients and the broader public from the fallout of ransomware attacks.

James Taliento, chief executive of the cyber intelligence services company AFTRDRK, highlighted that ransomware negotiators do not always act in their clients’ best interests. He noted that a negotiator is not incentivized to drive the price down or to inform the victim of all the facts if the company they work for is profiting off the size of the demand paid. This underscores the need for greater scrutiny and ethical standards within the industry to ensure that negotiators prioritize the interests of their clients over personal gain.