The U.S. Department of Justice has launched a criminal investigation into a former ransomware negotiator who allegedly accepted unauthorized cryptocurrency payments from ransomware attackers. The incident is raising new questions about trust in cyber incident response services.
DigitalMint Employee Fired Amid Federal Crypto Probe
Chicago-based ransomware negotiation firm DigitalMint confirmed that a former employee is under investigation for striking undisclosed deals with hackers, potentially taking a personal cut of the crypto ransom payments.
“The investigation evidently involves alleged unauthorized conduct by the employee while employed here,” said DigitalMint President Marc Grens.
The employee was immediately terminated, and the company emphasized that it is not the target of the investigation and is fully cooperating with law enforcement.
DigitalMint’s Role in Ransomware Incidents
DigitalMint provides negotiation and payment services for victims of ransomware attacks, including Fortune 500 companies, and is registered with the U.S. Financial Crimes Enforcement Network (FinCEN). The firm specializes in securely handling cryptocurrency transactions during ransomware incidents.
“Trust is earned every day. As soon as we were able, we began communicating the facts to affected stakeholders,” Grens added.
Ransom Payments in Decline
Recent data shows a significant shift in how organizations respond to ransomware attacks:
- In Q4 2024, only 25% of companies paid the ransom, according to Coveware.
- This is down from 32% in Q3 and 36% in Q2, and a sharp decline from 85% in Q1 2019.
“More companies are refusing to fund cybercriminals, improving cybersecurity defenses, and enhancing recovery plans,” Coveware stated.
A 2024 Chainalysis report also found that ransomware-related payments dropped 35% to $815 million, down from $1.25 billion in 2023.
Industry Concerns Over Negotiator Integrity
Cybersecurity experts caution that negotiators may not always act in their clients’ best interests. James Taliento, CEO of AFTRDRK, warned:
“A negotiator isn’t incentivized to lower the ransom if their company profits from the payment size. Plain and simple.”
This follows historic reports of U.S. recovery firms allegedly paying attackers directly, then charging clients premium rates under the pretense of advanced recovery techniques.
Conclusion: Regulatory Scrutiny Tightens
The case underlines growing concerns about the ethics and oversight of ransomware negotiators, especially as the U.S. intensifies efforts to combat ransomware through sanctions, regulation, and criminal enforcement.
The outcome of the investigation could set new compliance standards for cyber recovery firms involved in crypto-based ransom cases.
Disclaimer
This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.