Huntress: Ex-Huntress analyst claims company insider fed info to a ransomware crim. Social media drama ensues

Huntress: Ex-Huntress analyst claims company insider fed info to a ransomware crim. Social media drama ensues

Huntress Faces Allegations of Insider Threat Linked to Ransomware Group

Security firm Huntress is embroiled in controversy after a former employee, Ben Folland, accused the company of concealing an insider threat involving a current employee allegedly leaking information to a ransomware operation. Folland, who left Huntress in February, took to LinkedIn to detail his claims, which stem from an incident unrelated to the recent supply-chain attack on Klue a separate breach Huntress disclosed last week.

According to Folland, in December 2025, he discovered that a Huntress employee had shared communications from U.S. law enforcement with a cybercriminal known as DevMan, a ransomware operator targeting Folland and his family. DevMan, which emerged in April 2025, is believed to use modified DragonForce ransomware code. Folland alleged the insider was "caught by the FBI" but remains employed at Huntress, raising concerns about ongoing risks to clients and the company’s reputation particularly as Huntress prepares for an IPO.

In a resignation letter posted online, Folland stated he left due to "personal reasons and a conflict of interest," later clarifying that Huntress had attempted to "silence" him with legal threats after he raised the issue. He pledged to release evidence over the next two weeks, including FBI communications, internal memos, and recorded conversations between the Huntress employee and DevMan.

Huntress CEO Kyle Hanslovan responded through a spokesperson, acknowledging the concerns but framing the incident as a case of "poor judgment" in communications with a cybercriminal. He emphasized that such interactions are sometimes necessary for threat intelligence gathering but assured stakeholders that the company takes the matter seriously. Hanslovan disputed Folland’s characterization of an "insider threat," calling the claims inaccurate and denying that Huntress prioritized its IPO over security. He noted that legal and law enforcement constraints limit public disclosure but hinted at an official statement in the future.

The allegations highlight tensions between transparency and operational security in cybersecurity firms, particularly when insider risks intersect with criminal investigations. The outcome may set a precedent for how companies handle similar breaches of trust.

Source: https://www.theregister.com/cyber-crime/2026/06/25/ex-huntress-analyst-claims-company-insider-fed-info-to-a-ransomware-crim-social-media-drama-ensues/5262538

Huntress cybersecurity rating report: https://www.rankiteo.com/company/huntress-labs

"id": "HUN1782426290",
"linkid": "huntress-labs",
"type": "Ransomware",
"date": "12/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Cybersecurity',
                        'name': 'Huntress',
                        'type': 'Cybersecurity Firm'}],
 'attack_vector': 'Insider Leak',
 'data_breach': {'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Law enforcement communications, '
                                             'Internal memos, Recorded '
                                             'conversations'},
 'date_detected': '2025-12',
 'description': 'Security firm Huntress is embroiled in controversy after a '
                'former employee, Ben Folland, accused the company of '
                'concealing an insider threat involving a current employee '
                'allegedly leaking information to a ransomware operation. The '
                'insider was allegedly caught by the FBI for sharing law '
                'enforcement communications with a cybercriminal known as '
                '*DevMan*, a ransomware operator targeting Folland and his '
                'family.',
 'impact': {'brand_reputation_impact': 'High',
            'data_compromised': 'Law enforcement communications, Internal '
                                'memos, Recorded conversations',
            'legal_liabilities': 'Potential',
            'operational_impact': 'Reputational damage, Legal threats, '
                                  'Potential client risk'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain, Retaliation',
 'post_incident_analysis': {'root_causes': 'Poor judgment in employee '
                                           'communications with '
                                           'cybercriminals, Potential insider '
                                           'collusion'},
 'ransomware': {'ransomware_strain': 'Modified DragonForce ransomware '
                                     '(DevMan)'},
 'references': [{'source': 'LinkedIn Post by Ben Folland'}],
 'regulatory_compliance': {'legal_actions': 'Potential legal threats against '
                                            'whistleblower'},
 'response': {'communication_strategy': 'Limited public disclosure due to '
                                        'legal constraints',
              'law_enforcement_notified': 'FBI'},
 'stakeholder_advisories': 'CEO Kyle Hanslovan acknowledged concerns but '
                           'disputed insider threat claims.',
 'threat_actor': 'DevMan (ransomware operator)',
 'title': 'Huntress Faces Allegations of Insider Threat Linked to Ransomware '
          'Group',
 'type': 'Insider Threat, Ransomware'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.