3372: Rapid7 Breaks Down the Business of Ransomware

Aug 5, 2025

In a fascinating discussion, Raj Samani, Chief Scientist at Rapid7 and co-founder of the No More Ransom Initiative, dives into the business-like evolution of ransomware. He reveals how attackers now operate with sophisticated strategies, resembling corporate structures complete with support teams. Raj explains the growing reputational risks for organizations, highlighting that CEOs are more worried about public perception than just locked files. Real-world scenarios illustrate the lengths criminals go to, often lingering in networks for months before striking.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

Ransomware's Professional Evolution

Ransomware has evolved from amateur attacks to a highly professionalized business with helpdesks and R&D.
Criminal groups act strategically to stay a step ahead of cybersecurity efforts worldwide.

INSIGHT

AI Not Essential for Criminals Yet

AI is a powerful technology, but many ransomware criminals don't need it yet.
They exploit easy vulnerabilities like exposed credentials and poor hygiene, avoiding costly AI development.

ANECDOTE

CEOs' Secretive Ransomware Calls

CEOs often contact experts discreetly after ransomware hits, fearing reputational damage.
Many stop communication after initial advice, attempting to handle incidents without professionals.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

In this episode of Tech Talks Daily, I caught up with Raj Samani, Chief Scientist at Rapid7, to unpack the rapidly evolving world of ransomware. Raj has been on the front lines of cybercrime response for years and has seen firsthand how these attacks have professionalized. Gone are the days of casual ransomware notes asking for a few hundred dollars. Today, these groups operate like fully formed businesses with help desks, R&D teams, and carefully designed extortion models.

We talked about how ransomware has become a reputational risk issue more than just a technical one. Raj shared that CEOs are often more concerned about data being exfiltrated and leaked to the press than they are about systems being locked down. It’s no longer just about recovering files. It’s about trust, public perception, and the long tail of brand damage.

One of the most revealing parts of our discussion was how these attacks typically unfold. Raj walked me through real-world scenarios where criminals have remained inside networks for months, even years, before launching their final payload. He also described how careful planning, coordinated strike days, and threat intelligence can disrupt an attacker’s kill chain before irreversible damage is done.

We explored the uncomfortable truth that many organizations still fall victim to basic attacks because of poor cyber hygiene. While the threat landscape is becoming more sophisticated with the use of zero-day vulnerabilities and social engineering, many breaches still happen through exposed RDP ports or convincing phishing attempts.

Raj also offered candid insights into the ethics and complexities of ransomware negotiations, why outright banning payments may backfire, and what companies should do in the first few hours after discovering they’ve been hit. He made it clear that cybersecurity is no longer just an IT issue. It affects everything from supply chains to public services and daily life.

Is your organization prepared for the moment when ransomware moves from IT’s concern to the boardroom’s crisis?