U.S. law enforcement officials are investigating a former employee of DigitalMint, a company that specializes in negotiating with hackers and facilitating cryptocurrency payments in ransomware attacks. DigitalMint has confirmed this information.

Allegations and DigitalMint's response

Marc Jason Grens, President of DigitalMint, informed partner organizations this week that the U.S. Department of Justice is reviewing allegations related to a former employee who allegedly colluded with hackers to profit from ransom payments. Grens did not name the employee and described their actions as isolated.

In an email to Bloomberg News, Grens stated that DigitalMint is cooperating with the criminal investigation into "the alleged illegal conduct of this employee while working here." He asserted that the Chicago-based company is not the target of the investigation and that the employee "was terminated immediately." Grens could not provide further information due to the ongoing investigation.

Concerns in the industry and advice for ransomware victims

This previously unreported investigation focuses on the rapidly growing industry aimed at helping companies negotiate and pay cybercriminals as ransomware attacks increase.

James Taliento, CEO of the cyber intelligence service company AFTRDRK, commented: "A negotiator has no incentive to lower the price or inform the victim of all the facts if the company they work for is profiting from the scale of the ransom amount. It’s as simple as that."

In ransomware attacks, hackers extort victims by freezing computer systems, encrypting data, or threatening to disclose sensitive information online unless paid. Ransom amounts can reach tens of millions of dollars, and attacks are estimated to cause billions of dollars in damages worldwide each year.

Some law and insurance firms this week warned clients against hiring DigitalMint due to concerns about the allegations against the former employee.

On its website, DigitalMint claims to specialize in "safely handling ransomware incidents" and has "experience in over 2,000" such attacks since 2017. The company's services include incident response and "communication, negotiation with the threat actor."

DigitalMint is licensed to transfer money in multiple states and is registered with the Financial Crimes Enforcement Network of the U.S. Department of the Treasury. The website states that DigitalMint provides customers, from small businesses to Fortune 500 companies, "immediate access to virtual currency transactions, regardless of where they are."

DigitalMint was founded in 2014 and is the operating name of Red Leaf Chicago, LLC. A 2019 report by ProPublica revealed that two other U.S. companies claiming to use proprietary data recovery methods to help ransomware victims often actually pay hackers while charging fees to customers.

Allan Liska, a threat analyst at Recorded Future Inc., said that ransom negotiation companies have significantly professionalized in recent years, but it is still best for victims not to pay. Liska stated, "At best, paying only helps improve the operations of the ransomware group, and at worst, it can lead to additional attacks, as an organization will be identified as one willing to pay."