Data Security Decoded

Scattered Spider: the Evolution of Identity-Based Ransomware

Sep 23, 2025
In this engaging discussion, Joe Hladik, the Head of Rubrik Zero Labs and a leading cybersecurity expert, reveals how the e-crime group Scattered Spider is reshaping the landscape of identity-based ransomware. He explores their tactics of double extortion and social engineering, which effectively bypass traditional defenses. Joe also highlights the vulnerabilities of legacy systems and the importance of cyber resilience, emphasizing recovery strategies that go beyond mere detection. Tune in for crucial insights on modern cybersecurity challenges!
INSIGHT

Ransomware-as-a-Service Monetization

  • Scattered Spider operates as a financially motivated RaaS affiliate to monetize access and exploits.
  • They use double extortion by stealing data and threatening disclosure to force payment.
INSIGHT

Identity-Based Attacks Evade Signatures

  • Identity compromise plus social engineering lets attackers bypass signature-based defenses.
  • Attackers ‘live off the land’ and abuse legitimate admin tools to move laterally undetected.
ANECDOTE

Phone Fraud And Vulnerable Drivers

  • Scattered Spider uses vishing, posing as empathetic IT staff to trick help desks into resets or MFA bypasses.
  • They also load signed but outdated, vulnerable drivers to disable EDR products such as CrowdStrike Falcon.