Huntress CEO says employee showed poor judgment in contact with ransomware actor

Huntress CEO Kyle Hanslovan said the company has reviewed “questionable, long-term threat actor communications” involving a current employee and a ransomware operator, but concluded that the conduct d...

Huntress CEO Kyle Hanslovan said the company has reviewed “questionable, long-term threat actor communications” involving a current employee and a ransomware operator, but concluded that the conduct did not amount to illegal activity. He said one exchange showed “poor judgment” after the employee told the threat actor that law enforcement had contacted them about the investigation.

The dispute became public after former Huntress security operations analyst Ben Folland accused the company of having an insider threat on staff. Folland said another Huntress employee forwarded information from U.S. law enforcement to a cybercriminal known as Devman, a ransomware operator linked to modified DragonForce code built on top of the leaked Conti source code. He argued that the behavior could put customers at risk and damage the company’s reputation.

In a blog post published Tuesday, Hanslovan said Huntress does not believe the matter currently shows insider activity or additional unauthorized disclosures. He said the company has strengthened policies for researchers, provided coaching on handling communications with threat actors, and taken administrative action where appropriate. Huntress said its review is still ongoing, but it does not plan to share further details because of employee privacy considerations.

What each side says

  • Hanslovan said the employee’s disclosure to the threat actor was not illegal, but was a lapse in judgment.

  • Folland said the episode was more serious and described it as an insider-threat case.

  • He claimed the employee relayed FBI communications, including agent names, to Devman.

  • Huntress said it has not found evidence of illegal conduct or broader compromise.

Folland repeated his criticism in a LinkedIn post, saying a security worker should not pass law enforcement information to a criminal being investigated. He said the FBI had notified him about the incident, though the bureau did not immediately respond to a request for comment. Huntress declined to provide additional details.

The disagreement leaves the incident unresolved publicly, with the company characterizing it as misconduct requiring internal corrective steps and the former employee calling it an example of insider risk.