Wolves In Sheep's Clothing: Two "Security Pros" Get Four Years For BlackCat Ransomware
Oh good. Great. Fantastic. Two people who were supposedly on OUR side decided to moonlight as the wolves they were supposed to be protecting us from. I found this out at 2am while eating cold leftover pizza and staring at a SIEM dashboard that refuses to make sense. My night is going great, thanks for asking.
Ryan Goldberg, 40, from Georgia, and Kevin Martin, 36, from Texas, both cybersecurity professionals, spent most of 2023 deploying BlackCat ransomware against victims across the country. April through December. Nine months of active predation. The Department of Justice finally got around to sentencing them to four years each, which honestly feels like a light nap compared to the damage they caused.
Four years. Four. I've had tickets sitting in the queue longer than that.
Here's what really gets me about this. These weren't your standard wolves sniffing around the electric fence looking for a hole. These were the people who were SUPPOSED to be checking the fence. They knew the layout. They knew the gaps. They knew exactly where to dig. And they dug.
BlackCat, for the uninitiated lambs reading this, is a ransomware-as-a-service operation that has absolutely no chill. It's sophisticated, it's nasty, and it leaves fleas in places you won't find for months. The fact that credentialed security people were affiliated with it is, and I cannot stress this enough, a deeply unpleasant Tuesday.
The Shepherds in your organization will read this story and immediately schedule a "culture of trust" meeting. Please do not attend this meeting. It will accomplish nothing. Instead, quietly audit who has access to what and why.
Speaking of which, the insider threat angle here is not subtle. If someone with security credentials and network knowledge decides to go feral, your perimeter controls alone are not going to save you. This is a people problem wearing a technology costume.
I need more coffee.
Remediation
Look, I'm tired, but here's what you actually do:
- Least privilege, always. Your security team does not need domain admin to do their job. Yes, even them. Yes, really.
- Behavioral monitoring. Flag weird lateral movement, unusual data staging, and off-hours activity. Set the alerts. READ the alerts.
- Segment everything. If ransomware can't move freely, it can't do the full damage. Build internal electric fences.
- Offline, tested backups. Not Sky Pasture backups. Offline. Tested. Confirmed. Last week, not last year.
- Vet your contractors and staff. Not just on hire. Periodically. People change. Circumstances change. Loyalty is not a static variable.
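Here is one way to do the quiet "who has access to what and why" audit, as an added example that is not from the original report. The membership export, the access register, the field names and the 90-day review window are all constructed assumptions; swap in your own directory export.

```python
from datetime import date

# Constructed sample data: privileged group memberships exported from a directory.
MEMBERSHIPS = [
    {"user": "asmith", "team": "security", "group": "Domain Admins"},
    {"user": "bjones", "team": "it-ops", "group": "Domain Admins"},
    {"user": "cdoe", "team": "security", "group": "Backup Operators"},
    {"user": "dlee", "team": "helpdesk", "group": "Helpdesk Tier1"},
    {"user": "epark", "team": "it-ops", "group": "Backup Operators"},
]
# Constructed access register: why each grant exists and when it was last reviewed.
REGISTER = {
    ("asmith", "Domain Admins"): {"reason": "IR break-glass", "reviewed": date(2023, 12, 1)},
    ("bjones", "Domain Admins"): {"reason": "AD maintenance", "reviewed": date(2023, 3, 1)},
    ("epark", "Backup Operators"): {"reason": "restore tests", "reviewed": date(2024, 1, 2)},
}
PRIVILEGED = {"Domain Admins", "Backup Operators"}
MAX_REVIEW_AGE_DAYS = 90  # assumed policy: re-justify every grant quarterly

NO_REASON = "no recorded justification"
STALE = "review overdue"
SEC_DA = "security staff with standing domain admin"

def audit(memberships, register, today):
    """Return (user, group, issue) for every privileged grant that needs a look."""
    findings = []
    for m in memberships:
        if m["group"] not in PRIVILEGED:
            continue
        entry = register.get((m["user"], m["group"]))
        if entry is None or not entry["reason"].strip():
            # Access exists but nobody wrote down why.
            findings.append((m["user"], m["group"], NO_REASON))
        elif (today - entry["reviewed"]).days > MAX_REVIEW_AGE_DAYS:
            # Vetting is periodic, not only at grant time.
            findings.append((m["user"], m["group"], STALE))
        if m["team"] == "security" and m["group"] == "Domain Admins":
            # Least privilege applies to the security team too,
            # even when the grant has a justification on file.
            findings.append((m["user"], m["group"], SEC_DA))
    return findings

if __name__ == "__main__":
    for user, group, issue in audit(MEMBERSHIPS, REGISTER, date(2024, 1, 15)):
        print(f"{user:8} {group:18} {issue}")
```
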
The wolves aren't always outside the fence. Sometimes they're on the payroll.
Staying paranoid so you don't have to, barely.
Original Report: https://thehackernews.com/2026/05/two-cybersecurity-professionals-get-4.html