We often imagine cybercriminals as shadowy figures in hoodies operating from overseas bunkers. But a shocking case revealed by the Department of Justice this week proves that sometimes, the threat is right here at home—and wearing a “security expert” badge.
On Tuesday, two American cybersecurity professionals, Ryan Goldberg and Kevin Martin, pleaded guilty to using their advanced skills not to stop hackers, but to join them. These men worked in the cybersecurity industry by day but “moonlighted” as cybercriminals between April and December 2023. They utilized the notorious ALPHV BlackCat ransomware to lock up victim networks and extort money.
The details of their operation are chilling. Operating under a “Ransomware-as-a-Service” model, the pair agreed to pay the ransomware developers a 20% cut of any stolen funds, keeping a massive 80% share for themselves. In one instance alone, they successfully extorted a victim for approximately $1.2 million, subsequently laundering the proceeds to hide their tracks.
Assistant Attorney General A. Tysen Duva put it best: “These defendants used their sophisticated cybersecurity training and experience to commit ransomware attacks — the very type of crime that they should have been working to stop.”
This case serves as a stark reminder: technical skill doesn’t always equal ethical character. If trained professionals can turn to the dark side, who can you trust? Here is how to protect yourself when “trust” isn’t enough:
-
Backups Are Your Ultimate Safety Net: These criminals rely on panic. They lock your files and demand payment. If you have an offline backup (an external hard drive that isn’t left plugged in), their power over you vanishes. You can simply wipe the system and restore your data.
-
Trust But Verify (Zero Trust): In the industry, we call this “Zero Trust.” Whether it’s a vendor for your small business or a “tech support” agent on the phone, never give someone unchecked access to your digital life just because they claim to be an expert.
-
Layer Your Defenses: Don’t rely on a single antivirus program or a single IT person. Use Multi-Factor Authentication (MFA) and keep your software updated. The harder you make it to get in, the less likely even a sophisticated attacker will bother with you.
The digital world can be wild, but you don’t have to face it alone. Stay skeptical, keep your backups updated, and I’ll see you next week.
Feeling lost in the digital world? Dr. Tom is here to help!
Join Dr. Tom every week in his column, Dr. Tom’s Cyber Bits and Tips, for byte-sized advice on all things cyber and tech. Whether you’re concerned about online safety, curious about the latest cybercrime trends, or simply want to navigate the ever-evolving digital landscape, Dr. Tom has you covered.
From practical cybersecurity tips to insightful breakdowns of current threats, Dr. Tom’s column empowers you to stay informed and protect yourself online. So, dive in and get savvy with the web – with Dr. Tom as your guide!
Sign up for our Sunday Spectator. Delivered to your inbox every Sunday, with all the news from the week.
