CyberWire Daily No honor among thieves. [Research Saturday]
35 snips
Oct 11, 2025 In this captivating discussion, John Fokker, Head of Threat Intelligence at Trellix, dives into the chaotic world of cybercriminal ecosystems. He reveals how once-cohesive ransomware groups are unraveling due to distrust, sparking infighting and exit scams. As traditional Ransomware-as-a-Service partnerships break down, smaller gangs emerge, focusing on data extortion over full encryption. John emphasizes the role of law enforcement in eroding trust and shares strategies for sowing discord among criminals, hinting at a future where ransomware may splinter into a freelance model.
AI Snips
Chapters
Transcript
Episode notes
Ransomware's Evolution To Criminal Empires
- Ransomware evolved from consumer spray attacks to coordinated big-game hunting that required partnerships and trust.
- Those partnerships enabled corporate-style empires and large-scale, lucrative operations.
Reputation Hits Matter More Than Takedowns
- Law enforcement and reputation attacks damage criminal trust more than infrastructure takedowns.
- Damaged reputation cascades across affiliates and undermines the whole ransomware business model.
LockBit Infiltration And Fallout
- Fokker described how the FBI and NCA infiltrated LockBit and used its leak site to troll and damage its reputation.
- He linked that operation to affiliates scattering and LockBit struggling to rebuild trust.