Security Experts Succumbing to Darkness: When Do They Cross Over?

By dominic

Warning from Cybersecurity Professionals Accused in Ransomware Operation


The indictment of cybersecurity professionals who ran their own ransomware operation serves as a stark reminder that those entrusted with digital protection might possess the skills to exploit systems.


Few wish to envision their security experts acting maliciously, but this case highlights the necessity of a zero-trust approach—assuming every user and system could be compromised. Effective zero trust hinges not only on technology but also on company culture and vigilance.


Rogue Cybersecurity Experts Targeted Multiple Organizations


An indictment filed in Florida last month alleges that employees of a Chicago company specializing in ransomware negotiations conducted their own attacks against five U.S. organizations from May to November 2023. The accused used their knowledge of ransomware tactics to target vulnerable entities, though there’s no evidence they targeted their own clients.


Can You Trust Cybersecurity Professionals?


Organizations must remain vigilant against breaches. Cybersecurity professionals must continually earn and re-earn trust; the principle of zero trust is crucial.


“‘Trust but verify’ emphasizes the need to continuously authenticate, verify, and scrutinize every device, user, and endpoint,” said Tracy Goldberg, Director of Fraud and Security at Javelin Strategy & Research. “Even if a system or user is trusted, their authenticity and actions must constantly be verified to prevent unauthorized access and malicious activity.”


Healthcare’s Unique Vulnerabilities


The indictment mentions an attack in May 2023 on a Florida medical company with a $10 million ransom demand. The group also allegedly targeted a Maryland pharmaceutical manufacturer and a California doctor’s office, according to CSO Online.


Healthcare organizations are frequent targets due to the vast amounts of personal data they hold. For instance, the Change Healthcare breach last year exposed the personal information of 100 million individuals, resulting in a $22 million ransom payment.


“Healthcare must invest more in cybersecurity, likely second only to education,” stated Goldberg. “Healthcare is well-known for its cybersecurity vulnerabilities and risks to employee and patient Personal Identifiable Information.”


The attack was linked to the AlphV/BlackCat ransomware group, though it’s unclear if those charged were involved. According to Trustwave SpiderLabs, Russia-based AlphV was responsible for about a quarter of all ransomware attacks in 2024.
