The US Justice Department has launched a criminal investigation into a former negotiator at DigitalMint, a Chicago-based firm specializing in ransomware response. The ex-employee is accused of colluding with ransomware hackers to collect kickbacks from extortion payments made in cryptocurrency. The individual was promptly fired once allegations emerged, and authorities are now probing their conduct during negotiation sessions.
Who Is DigitalMint?
DigitalMint, previously known as Red Leaf Chicago, has facilitated ransomware negotiations and payments since its founding in 2014. The firm has reportedly handled over 2,000 ransomware incidents for clients ranging from small businesses to Fortune 500 companies. It is licensed in multiple US states and registered with the Financial Crimes Enforcement Network. Despite the ongoing probe, company officials emphasize that DigitalMint itself is not under investigation and is fully cooperating. “We acted swiftly to protect our clients,” said President Marc Grens.
Allegations of Kickbacks from Hackers
According to Bloomberg and Bleeping Computer, the DOJ is investigating whether the former employee colluded with ransomware groups—possibly including the well-known BlackCat variant—to take a share of the ransom paid. The allegations suggest the individual negotiated extortion payments on behalf of clients and secretly kept a portion for themselves. The suspect's identity remains undisclosed, and it's unclear whether any formal charges have been filed.
Industry Concerns Over Conflicts of Interest
Experts in cyber response warn such cases highlight potential conflicts in the ransomware negotiation space. As James Taliento, CEO of AFTRDRK, put it:
"A negotiator is not incentivized to drive the price down or to inform the victim of all the facts if the company they work for is profiting off the size of the demand paid. Plain and simple."
This echoes earlier reporting—such as ProPublica’s 2019 exposé—showing some firms secretly paid hackers first, then billed clients extra under the guise of “specialized recovery methods.”
Fallout and Industry Response
Following the news, some law and insurance firms reportedly cautioned against engaging DigitalMint during the investigation. DigitalMint responded by assuring stakeholders of its transparent practices and compliance with regulators and law enforcement. No arrests have been publicly reported yet, and the DOJ has declined to confirm specifics on the individual's status.
Conclusion
The DOJ probe into DigitalMint's former negotiator underscores a vulnerability in the ransomware response industry—namely, the potential for intermediaries to exploit their role for personal gain. As companies may pay tens of millions in cryptocurrency extortion, maintaining ethical standards and independent oversight is crucial. For victims and stakeholders, this case serves as a reminder to scrutinize ransom negotiation protocols and ensure alignment of incentives.
Stay tuned as authorities continue to investigate this case and as the broader ransomware negotiation sector faces increased calls for transparency and accountability.



















