DigitalMint Negotiator Was the Attacker | Stryker Wiper | OT Crisis




A ransomware negotiator at DigitalMint secretly ran the attacks he was being paid to stop and then negotiated ransoms on behalf of the companies he'd just hit. This week on Security Squawk, we break down $75 million in extorted ransoms, an Iranian hacker group that destroyed 80,000 Stryker devices in three hours without using any malware, and a new Ponemon Institute survey showing 77% of industrial companies got breached in the past year.

DigitalMint: Angelo Martino, a ransomware negotiator at Chicago-based cybersecurity firm DigitalMint, has been charged with running at least 10 ransomware attacks using the BlackCat/ALPHV gang while simultaneously negotiating ransoms for his own victims. Five companies he attacked then hired DigitalMint and were assigned Martino as their negotiator. Ransoms totaled $75.25 million. Two co-conspirators, including another DigitalMint negotiator and an employee at rival firm Sygnia, already pleaded guilty in December.

Stryker: On March 11, the Iran-linked hacktivist group Handala wiped approximately 80,000 employee devices at medical device giant Stryker using Microsoft Intune, the same device management tool your IT team uses every day. No malware. No ransomware. Just a compromised admin account and a "remote wipe" command.

OT Security Survey: A new Ponemon Institute survey commissioned by Siemens Energy found 77% of organizations running operational technology (factories, pipelines, utilities, industrial control systems) were breached in the last 12 months. 41% of attacks go completely undetected. Recovery takes seven months on average.

Support the show: buymeacoffee.com/securitysquawk
