

CST Replay: The Ransomware Ecosystem with Tammy Harper
Sep 20, 2025
In this engaging discussion, Tammy Harper, a threat intelligence researcher at Flare.io specializing in ransomware, delves into the intricate ransomware ecosystem. She reveals how ransomware has evolved into a business with models like Ransomware as a Service (RaaS) and discusses the roles of initial access brokers. Tammy highlights infamous groups like Conti and LockBit, their double and triple extortion tactics, and the significance of negotiation strategies. This episode is a treasure trove for understanding the mechanisms of the cybercrime underground.
AI Snips
Chapters
Books
Transcript
Episode notes
Ransomware As A Business Model
- Ransomware operates as a business platform with RaaS affiliates taking ~80% of ransoms and developers taking ~20%.
- Initial access brokers sell fresh, exclusive corporate access that boosts affiliate ROI and campaign success.
Double Extortion And Public Shaming
- Double extortion pairs encryption with data exfiltration to increase leverage and payments.
- Attackers publish victims on leak blogs to shame targets and pressure payment decisions.
Ransomware History And Inflection Points
- Ransomware dates back to the 1989 AIDS Trojan and evolved through weak encryptors in 2005–2010 to modern RaaS.
- The WannaCry worm and crypto payments accelerated professionalization and global impact.