The Ransomware Ecosystem: Operators, Affiliates & Access Brokers

When ransomware-as-a-service (RaaS) was introduced to the cybercrime landscape in the mid-2010s, it significantly lowered the bar to entry for cybercriminals. As a result, the scale of ransomware operations expanded, allowing cybercrime groups and their affiliates to exploit more networks resulting in higher revenue. Expertise also improved as each element of the process became specialized, making ransomware the formidable threat it is today. In this session, Senior Security Researcher and intel analysis lead for cybercrime Tim Mitchell will discuss why understanding and tracking the TTPs of everyone involved in ransomware operations is important, regardless of the variant. He’ll also outline why the attribution of precursor activity is important, and how accurately doing so can inform our customers and better protect them from ransomware.