The indictment of three cybersecurity professionals accused of running their own ransomware operation serves as a chilling reminder that those who are supposed to protect digital systems can also possess the skills necessary for exploitation.
Though few would wish to envision their own cybersecurity experts acting with malicious intent, this case underscores the importance of adopting a zero-trust approach. This strategy assumes that all users and systems could potentially be compromised, requiring continuous verification regardless of trust.
An indictment filed in Florida last month revealed that rogue employees from a Chicago firm specializing in ransomware negotiation allegedly launched malware attacks against at least five U.S. organizations between May and November 2023. Although there is no evidence suggesting they targeted their own clients, the accused are charged with using insider knowledge to exploit potential vulnerabilities.
Can You Rely on the Experts?
Organizations must remain vigilant against breaches. Cybersecurity professionals must continually earn and maintain their clients’ trust, with the principle of zero trust serving as a fundamental guideline.
“‘Trust but verify’ is a familiar phrase in cybersecurity that highlights the necessity to constantly authenticate, verify, and scrutinize every device, user, and endpoint,” stated Tracy Goldberg, Director of Fraud and Security at Javelin Strategy & Research. “Even if a system or user is trusted, their authenticity and actions must be verified continuously to prevent unauthorized access and malicious activities.”
Healthcare Faces Unique Challenges in Cybersecurity
An affidavit revealed the first attack occurred in May 2023, when a medical company in Florida was hit with a $10 million ransom demand. The group allegedly went on to target a Maryland pharmaceutical manufacturer and a California doctor’s office, as reported by CSO Online.
Healthcare organizations are frequent targets due to the large amount of sensitive personal data they handle. Last year, the personal information of 100 million individuals was compromised in a ransomware attack on Change Healthcare, resulting in a $22 million ransom payment.
“Healthcare should prioritize cybersecurity investments second only to those in education,” noted Goldberg. “Healthcare is renowned for its inherent cybersecurity risks, with the exposure of employee and patient Personal Identifiable Information posing significant concerns.”
The attack was attributed to the AlphV/BlackCat ransomware group, which is identified as Russia-based and responsible for approximately a quarter of all ransomware attacks in 2024, according to Trustwave SpiderLabs.