Episode 229 - The Evolution of Ransomware: From Spray-and-Pray to Sophisticated Cybercrime

Welcome to this week's episode of the PEBCAK Podcast!  We’ve got four amazing stories this week so sit back, relax, and keep being awesome!  Be sure to stick around for our Dad Joke of the Week. (DJOW)

Follow us on Instagram @pebcakpodcast

 

Please share this podcast with someone you know!  It helps us grow the podcast and we really appreciate it!

 

• • • 2016: The Dawn of Modern Ransomware
      • The debut of Petya and Russian-affiliated groups like CryptoWall, TeslaCrypt, and Locky.
      • Attacks were largely indiscriminate, targeting anyone from Fortune 500 companies to "Grandma's laptop."
      • Early mitigation tactics, like installing Russian language packs to avoid infection, highlighted the state-tolerated nature of these groups.

 

• • • 2017: Ransomware Goes Mainstream
      • A pivotal year with the WannaCry attack (attributed to North Korea’s Lazarus Group) and NotPetya (Russian-backed), causing billions in damages to companies in multiple verticals.
      • The SAMSAM attacks hit U.S. cities like Baltimore and Atlanta, marking Iran’s brief foray into ransomware.
      • Ransomware became a household name, sparking executive-level discussions in boardrooms.

 

• • • 2020: The Rise of Ransomware-as-a-Service
      • Groups like Ryuk, REvil, and Conti refined ransomware into a business model, outsourcing tasks like initial access and money laundering.
      • Double extortion emerged, with attackers stealing data and threatening to leak it, even if backups were restored.
      • Some groups introduced “terms of service,” avoiding hospitals and schools to dodge law enforcement scrutiny.

 

• • • 2021: Critical Infrastructure in the Crosshairs
      • High-profile attacks on Colonial Pipeline, JBS Foods, and Ireland’s National Health Service disrupted daily life, from gas shortages to meat supply issues.
      • These incidents underscored ransomware’s real-world impact, elevating cybersecurity to a boardroom priority.

 

• • • 2022: Geopolitical Shifts and New Players
      • Russian-backed groups like Conti and LockBit shifted focus to Ukraine amid the Russia-Ukraine conflict.
      • The rise of Scattered Spider, a Western-based group excelling at social engineering and SIM swapping, marked a shift from Eastern state-tolerated actors.

 

• • • 2023: Trust Breaks Down
      • The ALFV/BlackCat group’s $22 million rug pull against affiliates signaled the decline of Russian-backed ransomware dominance.
      • Scattered Spider solidified its reputation, targeting major hospitality and cleaning companies with sophisticated social engineering tactics.

 

• • • 2025: The Western Cybercrime Surge
      • Scattered Spider and affiliates like DragonForce dominate, hitting retailers, insurance, aviation, and automotive sectors.
      • The shift to Western-based actors, often young and operating in Five Eyes nations, makes them more vulnerable to law enforcement.

 

• • • Trends and Takeaways
      • The move from expensive zero-day exploits to cheaper n-day exploits and social engineering highlights attackers’ adaptability.
      • Double extortion and even “double dipping” (demanding additional ransoms months later) have become standard tactics.
      • The accessibility of AI tools and open-source platforms like Venice AI has lowered the barrier for creating ransomware, even for non-programmers.
      • Law enforcement’s increasing success in arrests and Bitcoin recovery (e.g., DarkSide’s downfall) offers hope for curbing cybercrime.

 

 

 

Dad Joke of the Week (DJOW)

 

Find the hosts on LinkedIn:

Chris - https://www.linkedin.com/in/chlouie/

Ben - https://www.linkedin.com/in/benjamincorll/