How Do Ransomware Gangs Work?

Summary:

In this episode of Exploring Information Security, we dive deep into the dark, complex world of ransomware gangs with returning guest Kyle Andrus. Drawing on leaked chat logs, real-world cases, and extensive incident response experience, Kyle helps us understand the internal operations, motivations, and evolution of these cybercriminal organizations.

We explore how ransomware gangs are structured like modern corporations—with developers, access brokers, negotiators, HR, and even customer support. Kyle also shares insights into how these gangs are adapting to legal pressure, sanctions, and the cybersecurity community’s defensive advancements.

Topics covered:

  • The organizational structure of ransomware gangs

  • Ransomware-as-a-Service (RaaS) models and profit sharing

  • Affiliate programs, access brokers, and laundering tactics

  • The impact of geopolitics on ransomware operations

  • Creative pressure tactics, including triple extortion and SEC complaints

  • The role of insider threats and chat log leaks (e.g., Conti)

  • Use of AI by defenders and attackers

  • The evolving response of law enforcement and regulation

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]

How do ransomware gangs work?
Kyle Andrus


What is the Ransomware Defense Initiative (RDI)?

Summary:

In this episode, Timothy De Block sits down with Ed Rojas to discuss the origins and development of the Ransomware Defense Initiative (RDI). They explore Ed’s motivation behind creating RDI, its evolution, and how it aids organizations in proactively combating ransomware threats.

Key Topics Discussed:

  • Origins of RDI: Ed explains his drive to identify effective controls against ransomware, focusing on proactive measures rather than reactive strategies.

  • Research Findings: Insights from extensive research on ransomware techniques and the identification of key controls.

  • Implementation: How RDI assists organizations in assessing their maturity and readiness against ransomware attacks.

  • Use Cases: Examples of how companies and new CISOs can utilize RDI for rapid assessment and strategic planning.

  • Future Developments: Upcoming features and improvements in RDI to enhance its utility and accessibility.

Quotes:

  • “I wanted to identify a set of controls that everyone should have implemented to be okay against ransomware.”

  • “Most recommendations focus on recovery. I wanted to focus on how we detect and mitigate ransomware attacks as early as possible.”

Resources Mentioned:

Contact Information:

Contact Information:

Leave a comment below or reach out via the contact form on the site, email [timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn]

What is the Ransomware Defense Initiative (RDI)
With Ed Rojas