In a recent federal indictment, two employees of the cybersecurity firm DigitalMint were accused of secretly collaborating with one of the world’s most prominent ransomware gangs — and leveraging their positions in a sophisticated extortion scheme.
Per the Chicago Sun-Times, federal prosecutors allege that employees at a firm specializing in ransomware response and cryptocurrency payments were actively collaborating with the notorious ALPHV/BlackCat ransomware group. The indictment claims these individuals, including a “ransomware threat negotiator,” used their insider knowledge to help the group attack and extort American companies.
We do not have evidence that the firm was wholly compromised by bad actors — DigitalMint has denied any wrongdoing and is said to be cooperating with the investigation. At this point, nobody has been convicted of a crime, and both employees have been fired.
However, the case shows a fundamental conflict of interest in the ransomware negotiation industry: A company that is built to facilitate payments is, by its nature, less focused on the actual data recovery.
What Made ALPHV/BlackCat So Dangerous?
The group at the center of this indictment, ALPHV (also known as BlackCat), was one of the most prolific ransomware operations for several years. Its effectiveness came from a combination of technical innovation and a ruthless business model.
- Ransomware-as-a-Service (RaaS): ALPHV operated like a dark-web technology company. They developed the ransomware and then “leased” it to affiliates, who would carry out the attacks. This RaaS model allowed them to scale rapidly, offering their partners up to 90% of the ransom payment.
- Written in Rust: BlackCat was the first major ransomware variant written in the Rust programming language. This made it faster, more stable, and capable of encrypting files on a wide variety of systems, including Windows, Linux, and VMware ESXi servers, which are often used to host a company’s most critical data.
- Triple Extortion: This group perfected a multi-layered extortion tactic. Prior to demanding a ransom for encrypted data, they would exfiltrate data from the victim; in some cases, ALPHV would also launch a Distributed Denial-of-Service (DDoS) attack to knock the victim’s website and public-facing services offline.
Fortunately, the Department of Justice successfully disrupted ALPHV in 2023, seizing several of the groups’ websites and releasing decryption tools for more than 500 victims.
Why Ransomware Payments Are a Bad Idea
When you’re locked out of your critical data, paying the ransom can feel like the fastest way out. We strongly advise against it for several reasons:
- It Funds Criminal Enterprises: As the indictment shows (allegedly), ransom payments increase the likelihood of future attacks. The money you pay doesn’t just go to one person; it funds the development of new malware, pays for infrastructure, and recruits more bad actors.
- It May Be Illegal: The U.S. Treasury Department has issued advisories warning that paying a ransom may be illegal. If the attacking group is on a government sanctions list — and many state-sponsored or major criminal groups are on that list — paying them can result in financial penalties (or at best, extensive audits).
- There Is No Guarantee: You are negotiating with criminals. We have seen cases where a company pays the ransom only to receive a faulty decryption key, no key at all, or a second ransom demand weeks later. Once you are identified as a company that pays, you become a prime target for future attacks, and about 25% of ransom payments do not result in data restoration.
Ransomware Recovery Services: Finding a Trustworthy Partner
When a business contacts us during a ransomware attack, our goal is data recovery. Our goal is to restore files, rebuild key systems, patch vulnerabilities, and prevent future attacks from occurring — we don’t want to facilitate a ransom payment, and we don’t attempt negotiation as a primary tactic.
We begin every case with a risk-free evaluation to provide you with a clear diagnostic and a firm price quote. Our no data, no charge guarantee means our interests are perfectly aligned with our clients: You only pay for recovery fees if we recover the data you need.
To learn more, contact Datarecovery.com at 1-800-237-4200 for a free, confidential evaluation or submit a case online.