Ransomware Negotiator Under Investigation for Alleged Criminal Gang Kickbacks

A critical investigation is underway at Digital Mint, a company specialising in ransomware negotiations, as a former employee faces allegations of illicitly profiting from ransomware payments. This raises serious questions about the integrity of services designed to help victims navigate extortion.

Digital Mint is reportedly cooperating with the U.S. Department of Justice (DoJ) regarding a former employee accused of cutting deals with criminal gangs. While there's no suggestion Digital Mint was aware of or supported these actions, the company's president, Marc Jason Grens, confirmed to Bloomberg that a criminal investigation is ongoing and the employee has been fired.

The role of a ransomware negotiator is to act on behalf of victims, aiming to reduce exorbitant ransom demands. However, as one negotiator told TechTarget, any financial incentive for the negotiator from the criminals themselves "is ripe for fraud," creating a conflict of interest that could keep ransom demands artificially high.

This isn't the first time the ransomware recovery industry has faced scrutiny. In 2019, ProPublica reported on companies secretly paying ransoms while claiming to decrypt data through other means. The industry has since evolved, with some negotiation services openly advertised, partly due to cyber insurance policies covering such payments.

While some governments and organisations, like the International Counter-Ransomware Initiative, advocate against paying ransoms, many private companies still do, especially with the rise of "double extortion" tactics where criminals steal data before encrypting it, threatening to leak it if not paid. However, the #StopRansomware guide, from agencies like CISA, the NSA, and the FBI, warns that paying doesn't guarantee data recovery or prevent further compromise, and could even violate sanctions.

Incidents like the one at Digital Mint erode trust in an industry meant to be a victim's advocate, potentially leading more companies to question the wisdom of paying ransoms altogether.