Justice Department Investigates Former Ransomware Negotiator for Alleged Deals with Hackers

The US Justice Department has initiated an investigation into a former ransomware negotiator who is suspected of striking deals with hackers to take a cut of the cryptocurrency used to pay the extortionists. The former employee of DigitalMint, a Chicago-based company that assists victims with ransomware negotiations and payments to hackers, is the target of this ongoing criminal investigation.

DigitalMint President Marc Grens confirmed the allegations in a statement, noting that the employee was "immediately terminated" upon the discovery of the misconduct. Grens emphasized that DigitalMint is not a target of the investigation and has been fully cooperating with law enforcement. The company has also taken swift action to protect its clients and communicate the facts to affected stakeholders.

DigitalMint specializes in securely handling ransomware incidents and facilitating secure payments to hackers. Its client base includes Fortune 500 companies, and it is registered with the US Financial Crimes Enforcement Network.

The investigation comes at a time when fewer companies are giving in to ransomware demands. A February report from cyber incident response firm found that only 25% of companies hit with extortion demands in the last quarter of 2024 paid the ransom. This is a significant decrease from the 32% of companies that paid in the third quarter of 2024 and the 36% in the previous quarter. In the first quarter of 2019, 85% of companies paid the ransom when demanded.

The decline in ransom payments suggests that more organizations are improving their cybersecurity defenses, implementing better backup and recovery strategies, and refusing to fund cybercriminals. Additionally, increased law enforcement efforts and stronger regulatory guidance discouraging ransom payments may also be contributing factors.

In a related development, the US Treasury sanctioned Russia-based Aeza Group, along with its top brass and a crypto wallet connected to the service, for allegedly hosting ransomware and info-stealers. This move is part of the ongoing efforts to combat ransomware gangs.

A separate report by blockchain analytics provider found that payments extorted through ransomware attacks decreased by 35% to $815 million in 2024 compared to $1.25 billion in 2023. This decline indicates a growing resistance to ransomware demands and a shift in strategies to combat cyber threats.

James Taliento, chief executive of the cyber intelligence services company, highlighted that ransomware negotiators do not always act in their clients' best interests. He noted that a negotiator is not incentivized to drive the price down or to inform the victim of all the facts if the company they work for is profiting off the size of the demand paid.

This investigation underscores the complexities and ethical dilemmas involved in ransomware negotiations. It also raises questions about the transparency and integrity of the companies involved in these negotiations. As the threat of ransomware continues to evolve, it is crucial for organizations to remain vigilant and implement robust cybersecurity measures to protect against such attacks.