The suspect is a former employee of DigitalMint, a Chicago-based incident response and digital asset services company that specializes in ransomware negotiation and facilitating cryptocurrency payments to receive a decryptor or prevent stolen data from being publicly released. A 2019 report by ProPublica revealed that some U.S. data recovery firms were found to secretly pay ransomware gangs while charging clients for data restoration services, without disclosing that payments were made to the attackers. Some ransomware operations, such as GandCrab and REvil, created special discount codes and chat interfaces specifically designed for these types of firms to receive a discount on the ransom demand. Bill Siegel, CEO of ransomware negotiation firm Coveware, told BleepingComputer that business models that do not utilize a fixed-fee structure lend themselves to this type of potential abuse. Bloomberg first reported that the DOJ is investigating whether the suspect worked with ransomware gangs to negotiate payments, then allegedly received a cut of the ransom that was charged to the customer. These ransomware payments, though, were significantly lower, ranging from thousands to hundreds of thousands, compared to the multi-million-dollar ransom payments that companies make today. DigitalMint confirmed that one of its former employees is under criminal investigation and informed BleepingComputer that it terminated the employee after learning of the alleged conduct. "We acted swiftly to protect our clients and have been cooperating with law enforcement," said Jonathan Solomon, CEO of DigitalMint, in a statement shared with BleepingComputer. Siegel further states that paying a ransom demand is often the wrong decision for any company, which can be challenging to communicate to a company dealing with a ransomware attack. DigitalMint would not respond to further questions from BleepingComputer, such as whether the suspect had been arrested, citing that the investigation was still ongoing.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 02 Jul 2025 19:15:24 +0000