Huntress admits an employee tipped off a ransomware actor about law enforcement contact

Huntress, the managed-detection vendor, has published its first formal written response to a week of public accusations from a former employee, acknowledging that a current staff member disclosed to a threat actor that law enforcement had contacted the company about that actor. In a June 29 blog post, co-founder and CEO Kyle Hanslovan described the disclosure as poor judgment that was not illegal, while rejecting the broader claim that Huntress harbors an insider threat.

The allegations come from Ben Folland, a former Huntress security operations analyst who left the company in February 2026. Folland says that in December 2025 he discovered a colleague had passed US law enforcement communications to DevMan, a ransomware operation that emerged in April 2025 and runs on modified DragonForce code. He says DevMan has been targeting him and his family.

In his most recent posts, Folland alleges the FBI approached the Huntress employee to gather intelligence on DevMan, and that the employee instead forwarded the FBI's communications to the criminal, including screenshots that named FBI agents, warned DevMan that investigators were looking into him, and then refused to cooperate with the FBI. Folland argues this meets the definition of an insider threat rather than poor judgment, comparing it to a bank insider warning a fraudster that police are closing in. None of his supporting material has been published yet.

Hanslovan's account is narrower. He wrote that Huntress permits researchers to engage with threat actors at times for research or to support active investigations, and that the company is aware of separate, questionable, long-term communications involving both the current employee and a now-former employee. On the central exchange, he wrote: "While this disclosure was not illegal, it reflected poor judgment."

Huntress says multiple internal investigations, plus consultation with law enforcement, found no evidence of illegal conduct, unauthorized access, or exposure of partner, customer, source code, or operational data. The company says there was no insider "caught by the FBI," the phrase Folland has used, and that customers were not put at risk. After Folland resurfaced his concerns and sent additional communications last week, Hanslovan says the matter was reviewed again and the investigation remains open.

Folland has also alleged that Huntress tried to bury the incident ahead of a planned public offering and used legal threats to silence him. Responding on Reddit, Hanslovan rejected the insider narrative and said the company did not put an IPO ahead of the safety of customers or staff. He added that active coordination with law enforcement and ongoing legal proceedings limit what the company can say publicly.


