Cybersecurity Staff Accused in BlackCat Ransomware Attacks on U.S. Companies

Federal prosecutors have charged two former cybersecurity professionals and an alleged accomplice in connection with a ransomware campaign targeting five U.S. businesses, including firms in the healthcare, pharmaceutical, engineering, and drone manufacturing sectors. The accused reportedly used the BlackCat (aka ALPHV) ransomware strain in a series of attacks from May to November 2023, demanding ransoms that totaled more than $16 million. One victim, a Florida-based medical device firm, paid over $1.2 million in cryptocurrency.

The defendants, whose roles included ransomware negotiation and incident response, allegedly used insider knowledge and technical expertise to breach corporate networks, steal sensitive data, and deploy ransomware. Court records indicate at least one defendant admitted to FBI investigators that the goal was to ‘try and ransom some companies’ as a way out of personal debt. While some victims refused to pay, others—particularly in the healthcare sector—were left with costly impacts. The companies involved span multiple industries and states, raising serious concerns about vendor trust, insider threats, and cybersecurity compliance.

For insurance claims adjusters, this case underscores the growing risk of insider-enabled cyberattacks and the complex claims issues that arise from ransomware events. Questions around data breach scope, regulatory response, and ransom reimbursement continue to evolve. This story also highlights the critical need to scrutinize cybersecurity vendors and their access to sensitive client systems. Adjusters working on cyber, tech E&O, and related lines may encounter heightened scrutiny of both insureds and third-party service providers in the aftermath of similar incidents.