Learn
active
Former ransomware negotiator sentenced 70 months for BlackCat attacks
- Engineer — Skip
- SOC/IR — Learn: Insider-threat angle is notable: attacker was a trusted IR professional with access to victim environments, illustrating how responders can become adversaries — relevant context for vetting IR vendors and monitoring privileged access during incidents.
- Leader — Learn: The case highlights vendor-risk and insider-threat exposure when engaging external IR firms — useful framing for board discussions on third-party access controls and contractual accountability during incident response engagements.
This entry was curated and judged by AI (Claude) with automated enrichment
(CISA KEV / EPSS / public PoC). Verify against the original source before
acting. Found a bad verdict?
Report it —
confirmed errors go to the corrections log.