PaymentsJournal

When Security Professionals Turn to the Dark Side

By Tom Nawrocki
November 4, 2025
in Analysts Coverage, Fraud & Security

The indictment of three cybersecurity professionals accused of running their own ransomware operation is a frightening reminder that those entrusted with protecting digital systems often possess the same skills required to exploit them.

While few want to imagine their own cybersecurity experts acting with malicious intent, the case reinforces the importance of a zero-trust approach—one that assumes every user and system could be compromised. Effective zero trust relies as much on a company’s culture and vigilance as it does on its technology.

According to an indictment filed in Florida last month, rogue employees of a Chicago company that specializes in negotiating ransomware settlements allegedly launched their own malware attacks against at least five U.S. organizations between May and November 2023. While there’s no evidence the accused targeted their own client, they are charged with using their insider knowledge of ransomware response tactics to prey on vulnerable entities.

Can You Trust the Experts?

Organizations must be constantly alert to breaches. Cybersecurity professionals must earn and re-earn their clients’ trust—and the principle of zero trust is an important starting point.

“‘Trust but verify’ is a phrase commonly used in cybersecurity to explain the need to continuously authenticate, verify, and scrutinize every device, user, and endpoint,” said Tracy Goldberg, Director of Fraud and Security at Javelin Strategy & Research. “Even if a system or user is trusted, their authenticity and actions must constantly be verified to prevent unauthorized network access and malicious activity.”

Healthcare Has Unique Vulnerabilities

According to an affidavit, the first attack occurred in May 2023, when a medical company in Florida was targeted with a $10 million ransom demand. The group allegedly went on to attack a Maryland pharmaceutical manufacturer and a California doctor’s office, according to CSO Online.

Healthcare organizations are frequent targets of such attacks because of the vast amounts of personal data they hold. Last year, the personal information of 100 million individuals was stolen during a ransomware attack on Change Healthcare, which resulted in a $22 million ransom payment.

“Healthcare must invest more in cybersecurity, perhaps second only to education,” said Goldberg. “Healthcare is widely known for its cybersecurity vulnerabilities, and exposure of employee and patient Personal Identifiable Information.”

That attack was attributed to the AlphV/BlackCat ransomware group, the same group named in the recent Chicago indictments, though it remains unclear whether the individuals charged were involved in that particular incident. According to Trustwave SpiderLabs, Russia-based AlphV was responsible for roughly a quarter of all ransomware attacks in 2024.
