Cynthia Kaiser, a former Deputy Assistant Director of the FBI’s Cyber Division and current Senior Vice President at the Halcyon ransomware research center, warns that unskilled 'novice hackers' often inflict more catastrophic consequences on businesses than organized professional groups.
Speaking during the RSA Conference, Kaiser noted that many inexperienced attackers are reckless when deploying ransomware. Because they do not fully understand the mechanics of the malware they use, these attacks frequently lead to the total corruption of encrypted data, rendering recovery efforts impossible. For businesses, this sloppy approach is often more destructive than the calculated extortion tactics of professional hackers.
Kaiser spent two decades at the FBI, where she focused on state-sponsored cyber threats from countries including China, Russia, Iran, and North Korea. She admitted that although she had concentrated for years on 'potentially catastrophic' nation-state threats, she eventually realized that ransomware has become the most pressing real-world challenge today.
'It makes me angry because ransomware doesn't just target businesses; it attacks hospitals, directly threatening lives,' Kaiser said. Data shows that last year alone, ransomware and related extortion attacks cost individuals and businesses in the U.S. nearly $155 million.
The Divide Between Amateur and Professional Threats
Kaiser’s team recently investigated a variety of attack types, ranging from the Iranian state-backed group Pay2Key to the emerging 'Ransomware-as-a-Service' (RaaS) platform, Sicarii. While their backgrounds differ significantly, both are capable of delivering devastating blows to business operations.
Take Pay2Key, for example, which targeted a U.S. healthcare facility in late February. Investigations revealed that the group utilized previously compromised administrative accounts to encrypt the entire environment in just three hours. Kaiser pointed out that these state-sponsored groups excel at leveraging long-term, dormant access to turn threats into active attacks at a moment's notice.
In contrast, novice groups like Sicarii present a different challenge. They often rely on low-cost, off-the-shelf exploit kits. While they lack sophisticated infiltration strategies, their haphazard encryption methods leave victims at an extremely high risk of permanent data loss.
Kaiser emphasized that cybersecurity defenses must shift from focusing solely on nation-state actors to building comprehensive resilience against the pervasive threat of ransomware. Whether the attacker is driven by political motives or financial gain, once a defense is breached, the consequences are often irreversible.