Ransomware gangs focus on winning hearts and minds | Computer Weekly

Ransomware gangs focus on winning hearts and minds | Computer Weekly

Briefly

"The tried-and-tested 'business models' favoured by some of the world's most adept, and dangerous, ransomware gangs are scaling rapidly as cyber criminals increasingly adopt structured affiliate models and actively seek out new recruits, including malicious insiders and even cyber pros themselves, according to NCC Group's latest monthly round-up of the threat environment. That cyber criminal gangs operate as an organised industry is of course nothing new, and is well-known and understood across the security industry and these days, beyond its confines."

"However, said NCC, amid a 13% rise in recorded ransomware attacks during December 2025, the growing financial 'success' of ransomware gangs is enabling them to offer stronger financial incentives - including larger commissions - to their new recruits, and improved operational security (OpSec) measures, both signs of growing professionalisation in the ecosystem/ NCC's Matt Hull said that ransomware-as-a-service (RaaS) gangs now view employees, contractors, and trusted partners as gateways into victim organisations, and enthusiastically target them in order to gain legitimate access to credentials,"

"He cited a well-reported incident in which the Medusa ransomware gang unwisely targeted the BBC by approaching its cyber security correspondent, Joe Tidy. The gang messaged Tidy on the encrypted Signal application to offer him 15% of a future ransomware payment if he gave them access to his PC. When this was rebuffed, Medusa's recruiter upped the offer to a quarter of 1% of the BBC's revenues, and promised Tidy he would never have to work again."