This track provides an unfiltered, real-world view into the modern ransomware ecosystem and how it operates as a mature criminal industry. Participants will gain insight into how ransomware groups organize, monetize attacks, and scale operations through affiliates, initial access brokers, and data-leak platforms. The focus is on understanding attacker incentives, decision-making, and business models in order to defend against them more effectively.

Topics include ransomware-as-a-service (RaaS) operations, double and triple extortion tactics, data-theft and leak-site dynamics, victim profiling, and negotiation realities. The track also covers defensive strategies informed by attacker behavior, including early indicators of ransomware campaigns, incident response planning, recovery constraints, and the impact of cyber insurance and regulatory pressure on response decisions.

Through case studies, simulations, and attacker-centric analysis, participants will develop a realistic understanding of how ransomware attacks unfold in practice—and how organizations can disrupt them before, during, and after an incident.