US Probes Ex-Ransom Negotiator Accused of Scheming With Hackers

Law enforcement officials are investigating a former employee of a company that negotiates with hackers and facilitates cryptocurrency payments during ransomware attacks, according to a statement from the firm, DigitalMint.

DigitalMint President Marc Jason Grens this week told organizations it works with that the US Justice Department is examining allegations that the then-employee struck deals with hackers to profit from extortion payments, according to a person familiar with the matter.

Grens did not identify the employee by name and characterized their actions as isolated, said the person, who spoke on condition that they not be identified describing private conversations.

DigitalMint is cooperating with a criminal investigation into “alleged unauthorized conduct by the employee while employed here,” Grens said in an email to Bloomberg News. The Chicago-based company is not the target of the investigation and the employee “was immediately terminated,” Grens said, adding that he can’t provide more information because the probe is ongoing.

“As soon as we were able, we began communicating the facts to affected stakeholders,” said Grens. “This level of transparency is a key part of the culture that has driven DigitalMint’s success.” Chief Executive Officer Jonathan Solomon said the company “acted swiftly to protect our clients.”

The Justice Department did not respond to a request for comment sent Tuesday. Many investigations end without any formal accusations of wrongdoing.

The investigation, which hasn’t been previously reported, entails law enforcement delving into the cottage industry that has sprung up to help companies negotiate and pay cybercriminals as ransomware attacks have surged.

“A negotiator is not incentivized to drive the price down or to inform the victim of all the facts if the company they work for is profiting off the size of the demand paid. Plain and simple,” said James Taliento, chief executive of the cyber intelligence services company AFTRDRK.

In ransomware attacks, hackers extort victims by freezing their computer systems, encrypting their data or threatening to release sensitive information online unless the attackers are paid. Extortion payments can run into the tens of millions of dollars and the attacks are estimated to cause billions of dollars in losses globally each year.

Some law and insurance firms this week warned clients against hiring DigitalMint over concerns with the allegations against the former employee, said the first person, as well as a second person familiar with the matter who also spoke on condition that they not be identified discussing the sensitive information.

On its website, DigitalMint says it specializes “in the secure handling of ransomware incidents” and that it has “experience in over 2,000” such attacks since 2017. Among the firm’s offerings are incident response and “threat actor communications and negotiations.”

The company is licensed to transmit money in multiple states and registered with the US Treasury Department’s Financial Crimes Enforcement Network, the website says, adding that DigitalMint gives customers, ranging from small businesses to Fortune 500 companies, “immediate access to virtual currency transactions, wherever they are located.”

DigitalMint was founded in 2014 and is the operating name for Red Leaf Chicago, LLC, Illinois state records show. A 2020 from the company says it earlier did business enabling people to buy cryptocurrenty through ATMs and teller windows.

In 2019, investigative news outlet reported that two other US firms that claimed to use their own data recovery methods to help ransomware victims actually often paid the hackers while charging their clients extra.

Photo: Pedestrians walk past the US Department of Justice headquarters in Washington, DC. Photographer: Al Drago/Bloomberg