A hot potato: Federal investigators are examining allegations that a former employee of DigitalMint, a Chicago-based company specializing in ransomware negotiations and cryptocurrency payments, may have profited by collaborating with hackers during extortion incidents. The investigation is drawing attention to the rapidly growing industry that helps victims manage the aftermath of ransomware attacks.
DigitalMint, founded in 2014 and operating under the name Red Leaf Chicago, has built its reputation on providing swift, secure cryptocurrency transactions for organizations facing ransom demands.
The company states that it has handled over 2,000 ransomware cases since 2017, providing services that include incident response and direct negotiations with threat actors. Its clients range from small businesses to Fortune 500 companies, according to information on its website.
The current investigation centers on claims that a former employee made deals with hackers to personally benefit from ransom payments. DigitalMint President Marc Jason Grens informed partner organizations that the US Department of Justice is examining the allegations, which he described as isolated.
The employee, whose identity has not been disclosed, was terminated immediately after the alleged misconduct was discovered. "As soon as we were able, we began communicating the facts to affected stakeholders," Grens told Bloomberg.
DigitalMint is cooperating with law enforcement and emphasized that the company is not the target of the investigation. Grens said he could not provide further details while the probe is ongoing. The Justice Department declined to comment on the case.
The allegations have led some law and insurance firms to warn clients against hiring DigitalMint, reflecting growing concerns about the ethics and risks involved in ransomware negotiations. The stakes in these cases are high. Ransomware attacks can freeze computer systems, encrypt data, or threaten to release sensitive information unless victims pay. Extortion demands can reach tens of millions of dollars, and globally, such attacks are estimated to cause billions of dollars in losses each year.
The controversy also highlights continuing concerns about conflicts of interest in the ransomware negotiation industry. "A negotiator is not incentivized to drive the price down or to inform the victim of all the facts if the company they work for is profiting off the size of the demand paid. Plain and simple," said James Taliento, chief executive of the cyber intelligence services company AFTRDRK.
DigitalMint is registered with the US Treasury Department's Financial Crimes Enforcement Network and licensed to transmit money in multiple states, underscoring its role as a regulated player in a field that has seen rapid professionalization. However, the company's troubles echo earlier incidents in the industry. In 2019, an investigative report by ProPublica found that other US firms claiming to use proprietary data recovery methods were paying hackers while charging clients extra.
Despite the increasing professionalism of ransom negotiation firms, security experts caution that paying ransoms remains a risky endeavor. "At best, a payment serves to improve the operations of the ransomware group, and at worst it may lead to additional attacks, because an organization will be identified as one that is willing to pay," said Allan Liska, a threat analyst at Recorded Future.
As the investigation continues, DigitalMint's leadership maintains that the company acted quickly and transparently to protect its clients. The outcome of the case remains uncertain, and many such investigations conclude without formal accusations of wrongdoing. For now, the case serves as a reminder of the complex ethical and security challenges facing organizations caught in the crosshairs of cybercrime.
Ransomware negotiator allegedly struck deals with hackers to profit from extortion payments