
Jon DiMaggio, head of XFIL Cyber and a specialist in ransomware attacks, said that what’s significant in this investigation isn’t just that stolen data from 12 companies was recovered, but that researchers exposed how ransomware groups reuse infrastructure across multiple victims. “Most ransomware incidents end once you contain the encryption and restore systems,” he said in an email. “This case shows the real value is in following the attacker’s operational patterns to find what they left behind. It’s a reminder that ransomware is a business model, not one-off attacks, and that means there are opportunities to disrupt it at scale.”
Defenders shouldn’t count on lapses like the one made by INC to rescue them from attacks, however. In its report, Cyber Centaurs says this was an opening “that would not normally exist in a typical ransomware response.” But, it adds, if there are mistakes, defenders may be able to capitalize on them.
In an interview, von Ramin Mapp cautioned that lowering the risk of being hit by ransomware isn’t easy. Attackers will respond to every tactic defenders use, he said. It will help, he noted, if victim firms refuse to pay ransoms and thus take away the financial reward gangs depend on.
