Threat Hunter Greg Linares on the modern ransomware playbook
March 3rd, 2026
49 mins 48 secs
About this Episode
(Presented by TLPBLACK: High-fidelity threat intelligence and research tools for modern security teams. From curated Passive DNS and real-time C2 monitoring to actionable IOC feeds and daily malware samples, we help defenders detect, hunt, and disrupt threats faster, with seamless integration into SIEM and SOAR workflows.)
Huntress threat intelligence analyst Greg Linares shares insights on the modern ransomware ecosystem, including how crews operate like businesses and why Akira, Medusa, RansomHub, and Qilin cause so much damage. Plus, signs of overlap between ransomware and nation-state activity, what “time to ransom” really means for defenders, and why techniques like ClickFix and credential theft keep working at scale.
The conversation also covers the surge in RMM tool abuse, how “living off the land” attacks can unfold without traditional malware, and the basic defenses smaller organizations can prioritize.
Episode Links
- TLPBLACK
- Huntress 2025 Cyber Threat Report
- Microsoft: Think before you Click(Fix)
- Akira Ransomware
- CISA: Protecting Against Malicious Use of Remote Monitoring and Management Software
- Ep9: The blurring lines between nation-state APTs and the ransomware epidemic
- Chinese APT Tools Found in Ransomware Schemes, Blurring Attribution Lines