NeedleStack

Ransomware’s Collateral Damage

Oct 1, 2025
In this engaging discussion, Jason Baker, an expert in security consultancy and former U.S. Marine, dives into the complex world of ransomware. He explores the intricacies of ransomware attribution, emphasizing the significance of understanding threat actor behavior. Jason highlights the alarming trend of healthcare becoming a prime target and discusses how AI is reshaping both the attack strategies of adversaries and the defenses of cybersecurity teams. His insights into operational security and the dynamics of noisy versus stealthy attacks provide a thought-provoking look at the evolving landscape of cybersecurity.
INSIGHT

Attribution Requires Behavior, Not Just Labels

  • Ransomware attribution is complex because most operations use a ransomware-as-a-service affiliate model.
  • Analysts must move beyond simple indicators and focus on TTPs and tooling to cluster behavior for better attribution.
ADVICE

Prioritize TTPs Over Atomic Indicators

  • Move up Bianco's Pyramid of Pain by prioritizing tactics, techniques, and procedures over hashes and IPs.
  • Use TTP and tooling patterns to cluster adversary behavior for more actionable defenses.
INSIGHT

Attribution Value Scales With Organization Size

  • Attribution matters most for larger organizations that can act on intelligence and anticipate repeat attacks.
  • Smaller organizations often face opportunistic attacks and gain limited value from deep attribution work.