Ransomware operators charged in US campaign
From the Editor’s Desk
As organizations extend their operational footprint into manufacturing, healthcare and industrial systems, the boundary between IT and OT grows ever thinner. The recent joint guidance issued by the Cybersecurity and Infrastructure Security Agency (CISA) and the UK's National Cyber Security Centre (NCSC) emphasises clarity around asset records and third-party connectivity in OT environments. Are enterprise security teams prepared to treat OT systems with the same rigour as IT?
🔎 Deep Brief
Ransomware operators charged in US campaign
Two men described as cybersecurity professionals, identified as Ryan Clifford Goldberg and Kevin Tyler Martin, have been indicted for allegedly deploying the ALPHV/BlackCat ransomware across multiple U.S. firms. The campaign, active between May 2023 and April 2025, targeted healthcare, pharmaceutical, manufacturing and engineering companies. The indictment alleges more than US$17.5 million in ransom demands, including one extortion demand of approximately US$10 million against a medical-device manufacturer in Tampa.
What stands out is that the perpetrators are described as “cybersecurity professionals,” indicating that advanced operational skill sets are being channeled into criminal enterprises. The methodology mirrors typical BlackCat operations: network intrusion, data theft, deployment of encryption malware, extortion demands.
Takeaway
Organizations must assume adversaries may possess deep technical proficiency and must apply layered defences—not only perimeter protection, but rapid detection, network segmentation, host-based monitoring, and a tested incident response plan that covers ransom scenarios.
🧠 Strategy in Action
Joint US-UK OT Guidance
In a joint publication, the U.S. and UK governments issued guidance aimed at organizations that own or operate operational-technology (OT) systems.
The guidance emphasises five key principles:
- A “definitive record” of OT assets
- Establishment of an OT information-security management program
- Asset-based risk categorization
- Documented connectivity (including vendor/third-party links)
- Clear accountability for third-party risk.
From a strategic standpoint, companies should take three immediate steps:
1. Develop and maintain an OT asset inventory (the “definitive record”) that is accurate and continuously updated.
2. Integrate OT risk into the broader information-security management system, treating OT as part of the enterprise ecosystem—not a separate silo.
3. Review all third-party/vendor connections into OT systems: what access is permitted, how it is managed, and what audit/logging is in place.
Takeaways:
For organizations, this means operational alignment among IT-security, OT operations, supply-chain and vendor management. It also means governance: board-level oversight of OT risk, metrics for OT-cyber resilience, and alignment with regulatory frameworks where applicable.
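As an added illustration of the three steps above (not part of the guidance or the newsletter), the following script audits a constructed OT asset inventory for the gaps the principles call out: missing owners, missing risk tiers, and third-party links with no accountable party or no logging. The record schema, field names and sample values are assumptions for this example.

```python
"""Added example: audit an OT asset record against the joint guidance
principles (definitive record, risk categorisation, documented connectivity,
third-party accountability). Schema and sample data are constructed."""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Connection:
    peer: str             # remote system or vendor the asset talks to
    third_party: bool     # True when the peer sits outside the organisation
    owner: str = ""       # accountable person/team for this link
    logged: bool = False  # is traffic over this link audited/logged?


@dataclass
class OTAsset:
    asset_id: str
    zone: str
    owner: str = ""        # accountable owner of the asset itself
    risk_tier: str = ""    # assumed tiers: "high", "medium", "low"
    connections: list[Connection] = field(default_factory=list)


def audit_asset(asset: OTAsset) -> list[str]:
    """Return findings for one asset; an empty list means the record is complete."""
    findings = []
    if not asset.owner:
        findings.append(f"{asset.asset_id}: no accountable owner recorded")
    if asset.risk_tier not in ("high", "medium", "low"):
        findings.append(f"{asset.asset_id}: missing or invalid risk tier")
    for c in asset.connections:
        if c.third_party and not c.owner:
            findings.append(f"{asset.asset_id}: third-party link to {c.peer} has no accountable owner")
        if c.third_party and not c.logged:
            findings.append(f"{asset.asset_id}: third-party link to {c.peer} is not logged")
    return findings


def audit_inventory(assets: list[OTAsset]) -> dict[str, list[str]]:
    """Map asset id -> findings, keeping only assets that have findings."""
    result = {a.asset_id: audit_asset(a) for a in assets}
    return {k: v for k, v in result.items() if v}


# Constructed sample inventory: one complete record, one with every gap.
SAMPLE = [
    OTAsset("plc-01", "cell-A", owner="ot-eng", risk_tier="high",
            connections=[Connection("vendor-remote-support", True, owner="vendor-mgmt", logged=True)]),
    OTAsset("hmi-07", "cell-B", connections=[Connection("integrator-vpn", True)]),
]
```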
🕵️ Threat Actor Spotlight
Turla
Turla is a cyber-espionage organisation known to target governments, embassies, military, education and research institutions since at least 2004.
Key tactics:
- Spear-phishing, often combined with watering-hole techniques
- Deployment of custom backdoors and malware
- Credential and privilege collection
- Lateral movement within networks
- Exfiltration of high-value data.
Defense strategy:
Focus on detecting the tell-tale signs of espionage rather than purely financial attack vectors:
- Monitor unusual service-account activity
- Flag anomalous outbound traffic to cloud storage
- Control USB/removable-media use
- Ensure logging and forensics are enabled.
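To make the first two detection points concrete, here is an added example (not from the newsletter or any vendor) that runs two simple rules over constructed log lines: service accounts appearing in interactive logons, and per-host outbound volume to cloud-storage domains above a baseline. The log format, the `svc_` naming convention, the domains and the 100 MB threshold are all assumptions.

```python
"""Added example: two Turla-style detections over constructed logs.
Log format, account naming convention, domains and threshold are assumed."""
from collections import defaultdict

# Constructed sample events: "timestamp,kind,account_or_host,detail,bytes"
SAMPLE_LOGS = """\
2025-06-01T08:02:11,logon,svc_backup,interactive,0
2025-06-01T08:05:40,logon,jsmith,interactive,0
2025-06-01T08:09:03,logon,svc_backup,service,0
2025-06-01T09:15:22,net,ws-17,api.dropbox-example.test,734000000
2025-06-01T09:16:02,net,ws-17,intranet.corp.test,12000
2025-06-01T09:40:51,net,ws-22,drive.storage-example.test,48000000"""

CLOUD_STORAGE_SUFFIXES = ("dropbox-example.test", "storage-example.test")  # constructed
SERVICE_ACCOUNT_PREFIX = "svc_"          # naming convention assumed for this example
OUTBOUND_BYTES_THRESHOLD = 100_000_000   # assumed per-host daily baseline (100 MB)


def parse(lines: str):
    """Yield one dict per log line."""
    for line in lines.splitlines():
        ts, kind, who, detail, nbytes = line.split(",")
        yield {"ts": ts, "kind": kind, "who": who, "detail": detail, "bytes": int(nbytes)}


def detect(lines: str) -> list[str]:
    """Return alerts for service-account interactive logons and for hosts
    whose total outbound volume to cloud storage exceeds the threshold."""
    alerts = []
    cloud_bytes = defaultdict(int)
    for ev in parse(lines):
        if (ev["kind"] == "logon"
                and ev["who"].startswith(SERVICE_ACCOUNT_PREFIX)
                and ev["detail"] == "interactive"):
            alerts.append(f"{ev['ts']} service account {ev['who']} used for interactive logon")
        elif ev["kind"] == "net" and ev["detail"].endswith(CLOUD_STORAGE_SUFFIXES):
            cloud_bytes[ev["who"]] += ev["bytes"]   # aggregate per source host
    for host, total in cloud_bytes.items():
        if total > OUTBOUND_BYTES_THRESHOLD:
            alerts.append(f"host {host} sent {total} bytes to cloud storage "
                          f"(threshold {OUTBOUND_BYTES_THRESHOLD})")
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOGS):
        print(a)
```

In production the baseline would come from each host's own history rather than a fixed constant, and the service-account check would key on the directory's account type rather than a name prefix.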
🛠️ Tool Check
Ping Monitoring Tools for Network Connectivity
Ping tools remain one of the simplest yet most effective ways to verify network connectivity, measure latency, and identify device availability issues.
The top-rated tools in this category include:
- Domotz: A cloud-based network monitoring system that uses Ping checks to test internet paths and local routes, combined with real-time status tracking and network mapping.
- Paessler PRTG Network Monitor: A full-featured monitoring suite offering multiple Ping-based sensors, including standard Ping, Jitter, and Cloud Ping, to measure latency and uptime across complex networks.
- Site24x7: A cloud-delivered monitoring solution that uses Ping to monitor website and network response times, helping teams identify connectivity or performance issues early.
- ManageEngine OpManager: A comprehensive network and server monitoring platform that applies Ping tests for device availability and integrates them with broader performance metrics.
- ManageEngine Applications Manager: A unified monitoring system with a built-in Ping tool under its user experience section, providing color-coded status indicators for quick network health assessments.
🗣️ Community Signal
“Humans operate with some pretty well-understood rules. Like you can model how most humans will interact with things. And if you say, ‘Hey, I’m going to put a security control in your way and you have to take an extra 30 seconds every time you do a task,’ they’re going to at some point be like, ‘This is stupid. Why am I wasting my time with this? Let me go around the task.’ That’s not the human doing the wrong thing. That’s the human doing the right thing from the business perspective. So, always design with humans in mind, human-centric design that deals with the infrastructure you have today, but is aimed at the future.”
Andy Ellis, principal of Duha.
Until Friday’s edition - Let’s keep that zero-day count at zero!