
Two American nationals admit involvement in RaaS operations targeting U.S. victims
Two U.S. nationals have formally pleaded guilty to participating in ransomware attacks carried out using the ALPHV (BlackCat) platform against victims inside the United States during 2023.
The case highlights a significant dimension of modern cybercrime: threat actors operating from within national borders rather than abroad.
Ransomware-as-a-Service Model
Court documents revealed that the defendants operated under a Ransomware-as-a-Service (RaaS) structure.
Under this model:
- The attackers paid approximately 20% of ransom proceeds to the BlackCat administrators
- They leveraged the group’s infrastructure and tooling
- Multiple companies and organizations across several U.S. states were targeted
- Approximately $1.2 million in Bitcoin ransom payments was collected
- Funds were laundered through various mechanisms to obscure their origin
One of the most striking elements of the case is that both defendants reportedly worked in the cybersecurity field.
According to the U.S. Department of Justice, the individuals had professional experience securing systems — knowledge that was ultimately used to exploit victims instead.
Officials emphasized that cyber threats do not always originate from foreign adversaries. In some cases, they emerge from within the same country.
ALPHV / BlackCat Background
The ALPHV (BlackCat) ransomware group has:
- Targeted over 1,000 victims globally
- Operated using a highly structured affiliate model
- Experienced partial disruption in 2023 following FBI intervention
- Seen decryption tools released that reportedly prevented nearly $99 million in ransom payments
The defendants are awaiting sentencing, scheduled for March 2026, and could face up to 20 years in prison.
Broader Implications
The case raises broader questions about insider risk and professional ethics within the cybersecurity industry.
Does this case reflect a growing insider threat dynamic?
Or is it an isolated criminal incident amplified by its unusual circumstances?
What remains clear is that technical expertise alone does not determine alignment — intent does.