Paul's Security Weekly (Audio) What We've Learned from LockBit and Black Basta Leaks (and News) - Ian Gray - PSW #888
Aug 21, 2025
Ian Gray, VP of Intelligence at Flashpoint and expert in cybercrime, joins to discuss insights from the LockBit and Black Basta leaks. He reveals how these leaks expose ransomware tactics and negotiation strategies, providing crucial intelligence for defenders. The conversation touches on the rise of opportunistic ransomware tactics, as well as the increasing influence of AI in cybercrime. Ian highlights actionable steps for security teams, emphasizing the importance of understanding adversary behaviors and bolstering defenses.
AI Snips
Chapters
Transcript
Episode notes
From Admin Work To Ransomware Research
- Ian Gray described starting at Flashpoint doing grunt admin work and growing into ransomware research over 11 years.
- He later pursued advanced degrees and now teaches while focusing on ransomware intelligence.
Ransomware Has Diversified Into Extortion
- Ransomware matured from mass targeting individuals to diverse modern extortion models including pure data extortion.
- Many newer groups avoid heavy tooling and focus on quick theft or pressuring victims to pay via threats.
Many Compromises, Few Payoffs
- From one leak's build tests only a few dozen victims paid despite many compromises.
- That shows attackers test many vectors but successful monetization often targets a small subset.