Authorities are investigating a former employee of DigitalMint, a company that helps businesses negotiate with hackers and handle cryptocurrency payments during ransomware attacks. The Chicago-based firm confirmed that the US Justice Department is looking into claims that this ex-employee made secret deals with cybercriminals to earn extra money from extortion payouts.
DigitalMint’s president, Marc Jason Grens, told clients this week about the ongoing probe. He described the employee’s behavior as isolated and said the person was immediately fired once the company discovered the issue. DigitalMint stressed it is cooperating fully with investigators and is not itself under investigation.
Ransomware attacks occur when hackers lock victims out of their computer systems, encrypt important data, or threaten to expose sensitive information online unless a ransom is paid—often in cryptocurrency. These attacks cause billions in damage each year and can involve demands in the millions of dollars.
The investigation highlights concerns about the growing industry that supports victims in paying ransoms. Some experts worry that companies involved in these negotiations might prioritize their own profits over the interests of victims. James Taliento, CEO of cyber intelligence firm AFTRDRK, noted that negotiators could be tempted to keep ransom demands high if their earnings depend on the size of the payment.
Some law firms and insurers have advised caution in working with DigitalMint following news of the allegations, according to people familiar with the situation. DigitalMint’s website says the company has handled more than 2,000 ransomware incidents since 2017, offering services like incident response and direct communication with threat actors.
Founded in 2014 and officially registered as Red Leaf Chicago, LLC, DigitalMint is licensed to process money transfers in multiple states and is registered with the US Treasury’s Financial Crimes Enforcement Network. Its clients include small businesses and large corporations looking for quick access to virtual currency transactions.
This is not the first time questions have been raised about companies assisting ransomware victims. In 2019, investigative reports revealed that some US firms claimed to recover data on their own but actually paid hackers behind the scenes while charging clients additional fees.
DigitalMint’s leadership says the company acted quickly to protect customers and is committed to being transparent as the investigation continues. The Justice Department has not commented publicly on the case. Many such inquiries end without formal charges.
As ransomware attacks rise, this case shines a light on an industry that operates in a tricky space—trying to help victims while managing relationships with criminals—a balance that may need closer scrutiny going forward.