Rouge DigitalMint Employee Works With Hackers For A Slice Of The Pie

The US Justice Department has launched a criminal investigation into a former employee of DigitalMint, a Chicago-based firm specializing in ransomware negotiations and cryptocurrency payments.

The ex-employee has allegedly struck secret deals with hackers in exchange for a cut of the profit they received from extortions.

DigitalMint President Marc Grens confirmed that the investigation involved alleged unauthorized conduct by the individual while employed at the company, and the employee was immediately terminated when the allegations surfaced.

He also clarified that the incident involved just the individual himself, and DigitalMint itself is not the target of the investigation.

DigitalMint also stressed the company's commitment to protect their clients from the remification of this saga

“As soon as we were able, we began communicating the facts to affected stakeholders.”

DigitalMint, which is registered with the US Financial Crimes Enforcement Network, has built its reputation on assisting victims of ransomware attacks, including Fortune 500 companies.

The company claims to have handled more than 2,000 ransomware cases since 2017, providing services that include incident response and direct negotiations with threat actors.

Ransomware Negotiators Doesn't Act In Client's Best Interest

The ongoing investigation has brought renewed scrutiny to the rapidly growing industry of ransomware negotiation.

As ransomware attacks have surged globally—costing victims billions of dollars each year—firms like DigitalMint have emerged to help organizations navigate extortion demands, negotiate with hackers, and facilitate cryptocurrency payments to restore access to encrypted data or prevent the release of sensitive information.

However, the case has also raised concerns about potential conflicts of interest and ethical risks within the industry.

CEO of cyber intelligence firm AFTRDRK warn that negotiators may not always act in their clients’ best interests, especially if their compensation is tied to the size of the ransom paid.

“A negotiator is not incentivized to drive the price down or to inform the victim of all the facts if the company they work for is profiting off the size of the demand paid. Plain and simple.”

The controversy echoes previous incidents in the sector. A 2019 ProPublica investigation revealed that some US data recovery firms paid hackers directly while charging clients extra for so-called specialized recovery methods.

But industry data indicates that fewer companies are now paying ransomware demands. According to a February report from cyber incident response firm Coveware, only 25% of organizations hit with extortion demands in late 2024 paid the ransom, down from 85% in early 2019.

Coveware attributes this decline to improved cybersecurity practices, stronger law enforcement efforts, and regulatory guidance discouraging ransom payments.

As the Justice Department’s investigation continues, some law and insurance firms have reportedly advised clients to avoid working with DigitalMint until the matter is resolved.

The outcome of the probe could have significant implications for the ransomware negotiation industry, highlighting the need for stringent oversight and ethical standards as cyber threats continue to evolve.