The U.S. Justice Department has opened a criminal investigation into a former ransomware negotiator accused of brokering deals with hackers and taking a share of the cryptocurrency used for ransom payments.
DigitalMint President Marc Grens confirmed in a statement that a former employee is under investigation and was “immediately terminated” after the allegations surfaced.
“The investigation evidently involves alleged unauthorized conduct by the employee while employed here.”
The Chicago-based firm specializes in helping ransomware victims negotiate and make payments to hackers. The investigation was first reported by Bloomberg on Thursday, citing a source familiar with the situation.
DigitalMint itself is not under investigation
Grens emphasized that DigitalMint is not the focus of the investigation and has been “fully cooperating with law enforcement.”
He stated, “As soon as the issue came to light, we acted quickly to safeguard our clients. Trust is something we earn every day. Once we had the facts, we began informing affected stakeholders promptly.”
According to its website, DigitalMint specializes in managing ransomware incidents and facilitating secure payments to cybercriminals. The company serves a range of clients, including Fortune 500 firms, and is registered with the U.S. Financial Crimes Enforcement Network.
Ransomware Payments Decline
Fewer companies are yielding to ransom demands, according to a February report from cybersecurity incident response firm Coveware. The report found that only 25% of organizations targeted by ransomware in the final quarter of 2024 chose to pay.
This marks a steady decline from previous quarters—32% paid in Q3 2024, and 36% in Q2. The trend is especially stark compared to early 2019, when 85% of affected companies paid ransoms.
Coveware attributed the drop to stronger cybersecurity measures, improved backup and recovery systems, and a growing unwillingness to fund cybercriminals. The firm also cited enhanced law enforcement activity and stricter regulatory guidance as contributing factors to the decline in payments.
In the latest move against ransomware groups, the U.S. Treasury on Tuesday sanctioned Russia-based Aeza Group, its senior leadership, and a connected cryptocurrency wallet, accusing the company of hosting ransomware operations and information-stealing malware.
Separately, a February 5 report from blockchain analytics firm Chainalysis revealed that ransomware-related payments fell by 35% in 2024, dropping to $815 million from $1.25 billion in 2023.
Ransomware Negotiators Not Always Effective
James Taliento, CEO of cyber intelligence firm AFTRDRK, told Bloomberg that ransomware negotiators don’t always prioritize their clients’ best interests.
“A negotiator has no real incentive to lower the ransom or fully inform the victim if their company profits from the size of the payment. Plain and simple,” he said.
A 2019 investigation by ProPublica also uncovered questionable practices by two U.S. firms that paid hackers directly to recover stolen data, while charging clients additional fees under the pretense of using advanced recovery techniques.
