How Ransomware Groups Respond to External Pressure
Yelisey Bohuslavskiy of Red Sense on Why Large Ransomware Groups Have Decentralized
Ransomware groups, like legitimate businesses, must adapt and change as they grow, in response to trends and external pressures - such as law enforcement actions. To survive, many large ransomware groups have adopted decentralized structures, said Yelisey Bohuslavskiy, chief research officer and partner with Red Sense.
The now-defunct Conti group's downfall was triggered by a single leader's controversial statement about supporting Russia's invasion of Ukraine. This caused other leaders within the group to recognize the vulnerability of being dependent on centralized leadership and resources. As a result of "lessons learned," Bohuslavskiy said, the operation restructured as independent, decentralized units "to prevent having one person take down the whole operation."
In this video interview with Information Security Media Group at Black Hat USA 2023, Bohuslavskiy also discussed:
- Why adversaries are relying on customized malware;
- How compliance audits and cyber insurance requirements have shaped the ransomware landscape;
- How ransomware actors refine their targets by avoiding sectors unlikely to yield ransom payments.
Bohuslavskiy previously served as co-founder and head of research and development at threat intelligence firm Advanced Intelligence. He previously worked as a cyberthreat intelligence analyst at Flashpoint and due diligence researcher at Kroll.