U.S. DOJ Investigates Ex‑Ransomware Negotiator Over Alleged Kickbacks
Also inside: cyber attacks on a bakery (Germany), a city government (Spain), a payment provider (Brazil), the San Jose government (Brazil) and a hospital (Czech Republic).
The U.S. Department of Justice is investigating a former employee of DigitalMint, a prominent ransomware response firm, over allegations that he conspired with cybercriminals to divert a portion of ransom payments for personal gain.
DigitalMint, based in Chicago, provides cryptocurrency payment services for companies facing ransomware attacks. According to company executives, the individual in question allegedly negotiated secret agreements with ransomware groups during extortion incidents and pocketed part of the payments without the knowledge of either the victims or the firm.
“We took swift action to terminate the employee and reported the misconduct to federal authorities,” said Marc Grens, President of DigitalMint. “We are fully cooperating with the Department of Justice and want to assure clients that DigitalMint itself is not the subject of the investigation.”
While the DOJ has not publicly named the former employee or confirmed the full scope of the inquiry, sources familiar with the matter say the investigation involves multiple incidents where ransom negotiations may have been manipulated to benefit the negotiator personally.
DigitalMint has facilitated over 2,000 ransomware-related transactions since 2017 and is widely recognized in the cybersecurity sector for its role in managing high-stakes cyber extortion cases.
The case sheds light on growing concerns over the ethical practices of ransomware negotiators. Critics have long warned that fee structures based on the size of ransom payments could create perverse incentives. “When companies take a percentage of the ransom as their fee, it raises the risk of inflated negotiations and compromised integrity,” said Bill Siegel, CEO of incident response firm Coveware.
The investigation echoes a 2019 ProPublica report that found some ransomware recovery firms secretly paid hackers while charging victims exorbitant fees, raising questions about transparency and accountability in the industry.
As ransomware attacks continue to surge globally, cybersecurity experts are calling for tighter regulation and oversight of negotiators, especially those operating in the gray areas of crypto transactions and crisis response.
For now, the DOJ probe remains ongoing, and the identity of the accused has not been made public.
Incidents from around the world
Cyber Attack on Congress-Centrum Saar GmbH (Germany), Saarland, Germany. July 02, 2025. The Congress-Centrum Saar GmbH experienced a cyber attack on its computer network around July 2, 2025, rendering the system inactive. The management promptly reported the incident to the police, and investigations are currently underway to assess the impact on upcoming events. The extent of the attack and whether any data was compromised are still being determined. {saarbruecker-zeitung.de}
Ransomware at a city government in Spain. Valenciana, Spain. July 02, 2025. The Town Hall of La Vila Joiosa (Villajoyosa) in Alicante suffered a ransomware cyberattack on July 2, 2025, which disrupted core digital systems—more than 300 municipal computers were reported offline, forcing staff to switch temporarily to manual operations for citizen services. The local administration is collaborating with Spain’s National Cryptographic Centre and its Cybersecurity Operations Centre to assess the damage, cleanse and rebuild systems from scratch, and gradually restore functionality over several days. {ondacero.es}
Central Bank confirms attack on multinational technology company's system. São Paulo, Brazil. July 05, 2025. The Brazilian Central Bank has confirmed that C&M Software, a technology provider that connects smaller institutions to the Central Bank’s payment infrastructure, including Pix, was hit by a cyberattack on July 1, 2025. The breach, which exploited stolen client credentials, affected at least six institutions’ reserve accounts and led to unauthorised transfers. Estimates of the financial impact vary from R$400 million to as much as R$1 billion, though reported losses to clients appear minimal thanks to prompt action and reversals. In response, the Central Bank ordered C&M to disconnect its client institutions while investigations by the Central Bank, Federal Police, and São Paulo Civil Police continue. C&M has affirmed its cooperation and insisted its core systems remained uncompromised. {terra.com.br}
Cyber attack on a hospital in the Czech Republic. Kraj, Czech Republic. July 05, 2025. The Nymburk Hospital experienced a significant network outage beginning July 1, 2025, which disrupted key IT systems including payment terminals and appointment scheduling. As a result, medical staff have reverted to paper-based processes, leading to longer wait times, postponed procedures, and the diversion of ambulance patients to other hospitals. Despite operating in emergency mode, hospital officials emphasize that basic patient care continues uninterrupted. Police have initiated a criminal investigation for unauthorized access to the hospital's computer systems, and the hospital urges patients to confirm appointments by phone before visiting. {nemnbk.cz}
Cybercrime and Fraud Stories
Former Federal Officer Charged With Possession And Distribution Of Child Sexual Abuse Material Appears In Court
U.S. Attorney Russ Ferguson announced today that Philip Andrew Douglass, 42, of Pineville, N.C., and a former federal officer, appeared in court this morning to face charges of possession and distribution of child sexual abuse material (CSAM). Chip Hawley, Director of the North Carolina State Bureau of Investigation (SBI), joins U.S. Attorney Ferguson in making today’s announcement.
Federal And State Officials Announce Efforts To Crack Down On Healthcare Fraud Schemes
U.S. Attorney Russ Ferguson is joined today by South Carolina Attorney General Alan Wilson, North Carolina Attorney General Jeff Jackson, FBI Special Agent in Charge James C. Barnacle, Jr., and representatives of IRS-Criminal Investigation and the Department of Health and Human Services Office of the Inspector General, to announce the results of a health care fraud crackdown that led to criminal charges filed against nine individuals involved in separate health care fraud schemes that allegedly defrauded the North Carolina and the South Carolina Medicaid Programs of millions of dollars.