
The US Justice Department has launched a probe into a former ransomware negotiator, accused of striking deals with hackers to take a cut of the crypto used to pay the extortionists.
In a statement to Cointelegraph, DigitalMint President Marc Grens confirmed that one of the firm’s former employees is the target of an ongoing criminal investigation and was “immediately terminated” when the allegations came to light.
“The investigation evidently involves alleged unauthorized conduct by the employee while employed here.”
The Chicago-based company assists victims with ransomware negotiations and payments to hackers. The story was first reported by Bloomberg on Thursday, citing a person familiar with the matter.
DigitalMint is not in the firing line
Grens also said DigitalMint is not a target of the investigation and has been “cooperating fully with law enforcement.”
He added that once discovered, DigitalMint “acted swiftly to protect our clients. Trust is earned every day. As soon as we were able, we began communicating the facts to affected stakeholders.”
DigitalMint said on its website that it specializes in securely handling ransomware incidents and facilitating secure payments to hackers.
Its client base includes Fortune 500 companies, and the company is registered with the US Financial Crimes Enforcement Network, it said.
Ransomware payments down
Fewer companies are giving in to criminals’ demands, with a February report from cyber incident response firm Coveware finding that only 25% of companies hit with extortion demands in the last quarter of 2024 paid the ransom.
In the third quarter of 2024, 32% of companies that received ransom demands paid, compared to 36% in the previous quarter, according to Coveware data. This was down significantly compared to the first quarter of 2019, when 85% paid the ransom when demanded.
Coveware said the drop “suggests that more organizations are improving their cybersecurity defenses, implementing better backup and recovery strategies, and refusing to fund cybercriminals.”
However, the firm also said the decline could be because of “increased law enforcement efforts” and “stronger regulatory guidance discouraging ransom payments.”
Meanwhile, in the latest salvo against ransomware gangs, the US Treasury sanctioned Russia-based Aeza Group on Tuesday, along with its top brass and a crypto wallet connected to the service, for allegedly hosting ransomware and info-stealers.
A separate report by blockchain analytics provider Chainalysis on Feb. 5 also found that payments extorted through ransomware attacks decreased by 35% to $815 million in 2024 compared to $1.25 billion in 2023.
Ransomware negotiators not always helpful
James Taliento, chief executive of the cyber intelligence services company AFTRDRK, told Bloomberg that ransomware negotiators don’t always act in their clients’ best interests.
“A negotiator is not incentivized to drive the price down or to inform the victim of all the facts if the company they work for is profiting off the size of the demand paid. Plain and simple,” he said.
Meanwhile, a 2019 report from investigative news outlet ProPublica found two other US firms were paying hackers to retrieve stolen data and then charging clients extra under the guise of using specialized recovery methods.

