Criminal wannabes even more dangerous than the pros

Ex-FBI cyber division deputy assistant director Cynthia Kaiser, now SVP at Halcyon's Ransomware Research Center, discusses the evolving ransomware threat landscape. She highlights two extremes: sophisticated nation-state-linked groups like Iran's Pay2Key, which encrypted a US healthcare org in three hours and appeared more focused on destruction than financial gain, and unsophisticated 'wannabe' criminals like Sicarii, whose flawed malware discards the private key after encryption — making decryption impossible. Kaiser warns that AI-assisted but poorly coded attacks from low-skill criminals are increasing attack volume, overwhelming defenders even if individual attacks are unsophisticated. Meanwhile, professional groups like Akira are moving from initial access to full encryption in under an hour, leaving defenders with far less response time than before.