ransomware🌍AmericasCSO Online
Cybersecurity Pros Plead Guilty to BlackCat Ransomware Extortion
Friday, January 2, 2026
What
Two cybersecurity professionals leveraged BlackCat ransomware-as-a-service to extort five US companies, resulting in over $9.5 million in losses. This highlights the insider threat potential and the widespread impact of RaaS models, even leading to a successful FBI decryption tool for BlackCat.
Where
Five US companies (Florida, Maryland, California, Virginia). The broader BlackCat group targeted over 1,000 victims globally.
When
Attacks occurred April-December 2023. Plea agreements accepted December 2025, sentencing March 2026. BlackCat group was "defanged" December 2023.
Key Factors
- •The defendants, cybersecurity professionals, utilized a ransomware-as-a-service (RaaS) model, identifying victims and deploying BlackCat ransomware without developing the malware themselves.
- •Victims included a medical device company, pharmaceutical company, doctor's office, engineering firm, and drone manufacturer, demonstrating diverse targeting across critical sectors.
- •The FBI successfully developed a decryption tool for BlackCat/ALPHV in December 2023, significantly mitigating its impact and saving hundreds of victims an estimated $99 million.
Takeaways
- →Organizations should implement robust insider threat detection programs and enforce strict access controls, especially for cybersecurity personnel.
- →Businesses must prioritize offline and immutable backups and maintain incident response plans, as even cloud copies can be exploited by sophisticated ransomware like BlackCat.
Read Full Article
Opens original article on CSO Online
