Navigating Shifts in Ransomware TTPs Through the Minds of Basta Actors
Bavi Sadayappan | Zach Riddle
A core goal of threat intelligence analysis is to identify changes and shifts in threat actor TTPs to educate and empower defenders. While we routinely identify and report on these changes, the exact rationale for these shifts is often unclear to analysts. In this talk we will step inside the minds of notorious ransomware operators, examine the threat actors’ thought processes throughout the stages of the attack lifecycle, and explore why ransomware operators choose specific techniques broadly and how they adjust techniques on the fly during intrusion operations. Further, we will map this activity to Google Threat Intelligence Group’s ransomware observations throughout 2023 and 2024 to explain the reasoning behind our observed trends.