Cyber Threat Intelligence Podcast Why Ransomware Attribution Keeps Getting Harder (Katya Kandratovich & Pedro Kertzman)
Attribution is getting weird. The same ransomware ecosystem that used to leave clear fingerprints is now full of affiliate “job hopping,” shared tooling, rapid rebrands, and deep web noise that can trick even experienced cyber threat intelligence teams.
Pedro Kurtzman sits down with Katya Kandratovich to map what’s changing and what’s stubbornly staying the same. We talk about why ransomware remains a dominant cyber threat, how law enforcement takedowns disrupt infrastructure without ending the business, and why ransomware-as-a-service programs keep professionalizing. Katya explains how affiliates move between groups for better payouts and support, and why that movement blurs profiling, negotiation patterns, and incident expectations.
We also get practical about defense. Katya shares how she treats attribution as a decision-support tool, not a badge you follow blindly, and how to separate credible reporting from rumor when doing deep web monitoring. Then we dig into the intrusion basics that still work at scale: phishing and vishing boosted by AI, stealer logs that include portal context, and zero-days and internet-facing app exposure that won’t go away. We explore “living off the land” tradecraft where attackers abuse legitimate admin and device management tools, plus pressure tactics that target employees directly through calls and emails, sometimes even via personal addresses.
Finally, we zoom out to supply chain attacks, MSP risk, third-party integrations, and developer package threats, and we confront a troubling trend: some groups now openly allow healthcare targeting.
Subscribe for more cyber threat intelligence conversations, share this with your security team, and leave a review so more defenders can find the show.
Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!