In his Keynote talk at LABScon 24, Max Smeets explores how ransomware operators build a unique relationship between themselves and their victims. In contrast to most other threat actors, ransomware operators rely on and leverage public visibility into their activities. Unlike APTs and other threat actors that prize stealth, ransomware gangs seek to publicize their attacks in order to convince future victims that they are trustworthy enough to deliver on their promises – providing a decryptor and deleting stolen data – if paid.
In ‘The Ransomware Trust Paradox’, Max observes that this notion of trust is not only a prerequisite for ransomware gangs’ profitability but also relies on media and security vendor reporting. Detailing the mechanisms by which ransomware operators establish trust, build brand awareness, and foster a reputation for reliability, this talk is essential viewing for anyone reporting on crimeware activities.
Max calls for the establishment of a reporting code of ethics for threat intelligence and the media, and a shift in policy to undermine the trust dynamics between threat actors and their victims.
About the Author
Max Smeets is the author of Ransom War: How Cyber Crime Became a Threat to National Security and No Shortcuts: Why States Struggle to Develop a Military Cyber Force. Max is Co-director of Virtual Routes and Senior Researcher at ETH Zurich.
About LABScon
This presentation was featured live at LABScon 2024, an immersive 3-day conference bringing together the world’s top cybersecurity minds, hosted by SentinelOne’s research arm, SentinelLabs.
Keep up with all the latest on LABScon 2025 here.
