Cybersecurity Today

CST Replay: The Ransomware Ecosystem with Tammy Harper

Sep 20, 2025
In this engaging discussion, Tammy Harper, a threat intelligence researcher at Flare.io specializing in ransomware, delves into the intricate ransomware ecosystem. She reveals how ransomware has evolved into a business with models like Ransomware as a Service (RaaS) and discusses the roles of initial access brokers. Tammy highlights infamous groups like Conti and LockBit, their double and triple extortion tactics, and the significance of negotiation strategies. This episode is a treasure trove for understanding the mechanisms of the cybercrime underground.
Ask episode
AI Snips
Chapters
Books
Transcript
Episode notes
INSIGHT

Ransomware As A Business Model

  • Ransomware operates as a business platform with RaaS affiliates taking ~80% of ransoms and developers taking ~20%.
  • Initial access brokers sell fresh, exclusive corporate access that boosts affiliate ROI and campaign success.
INSIGHT

Double Extortion And Public Shaming

  • Double extortion pairs encryption with data exfiltration to increase leverage and payments.
  • Attackers publish victims on leak blogs to shame targets and pressure payment decisions.
INSIGHT

Ransomware History And Inflection Points

  • Ransomware dates back to the 1989 AIDS Trojan and evolved through weak encryptors in 2005–2010 to modern RaaS.
  • The WannaCry worm and crypto payments accelerated professionalization and global impact.
Get the Snipd Podcast app to discover more snips from this episode
Get the app