Cybercrime: ransom negotiator probably pinched commissions

A ransomware negotiation expert employed by an IT security company apparently cobbled together shares of the ransom money. Prosecutors are now investigating this.

Bloomberg reports on this. An employee of the Chicago-based company DigitalMint negotiated deals with the perpetrators in which he benefited from ransom payments, according to the company's management. However, these were isolated acts by a single individual. DigitalMint immediately terminated the employee, and the company is cooperating with an investigation into “alleged unauthorized actions by the employee during his employment”.

IT security companies assist with IT incidents

Specialized IT security companies with a focus on “incident response” support those affected if they have a so-called IT incident in which, for example, cyber criminals break into their systems and distribute ransomware, paralyze IT systems or exfiltrate data and threaten to sell it. The IT security companies not only provide support in restoring the IT landscape – they often also have experts on hand to negotiate the lowest possible payment in ransom negotiations.

“Such negotiators have no incentive to push down the price to be paid or to inform the victims of all the facts, as long as the company they work for benefits from the amount paid,” a CEO of another IT security firm told Bloomberg.

In recent years, IT security companies have also become much more professional in ransomware negotiations, another IT security researcher explained. Nevertheless, the victims are helped the most if no ransom is paid.

In mid-2022, more than 30 IT security experts from education and industry published an open letter opposing such ransom payments. They describe ransom payments for ransomware as the “root of all evil”. They wrote: “If victims of ransomware did not pay the ransom demanded, this business model would be nipped in the bud.”

(dmk)