Scattered Spider: the Evolution of Identity-Based Ransomware
Identity-based ransomware is no longer a fringe tactic; it’s becoming the playbook of today’s most dangerous adversaries. Scattered Spider, a financially motivated e-crime group, has shifted the model from smash-and-grab encryption to a far more devastating combination of double extortion, social engineering, and hypervisor encryption attacks.
In this episode of Data Security Decoded, host Caleb Tolin welcomes back Joe Hladik, Head of Rubrik Zero Labs, to unpack how Scattered Spider is evolving the ransomware playbook. From double extortion and identity compromise to hypervisor encryption and legacy system exploitation, Joe explains why these tactics succeed where traditional defenses fail and why building cyber resilience, not just detection and response, is the critical next step for security leaders.
What You’ll Learn:
- How Scattered Spider leverages ransomware-as-a-service and double extortion to maximize payouts
- Why identity compromise and social engineering make traditional defenses ineffective
- How “living off the land” techniques and vulnerable drivers bypass signature-based tools
- Why legacy infrastructure and outdated backup systems are prime targets for exploitation
- What cyber resilience really means and how to build recovery into your security posture
Chapters:
0:00 Intro & Welcome
0:30 Joe Hladik on Scattered Spider’s Financial Model
3:15 Double Extortion & Data Disclosure Threats
6:53 Social Engineering and Living Off the Land
8:49 Old Techniques, New Impact: Vulnerable Drivers
10:55 Identity as the New Attack Vector
13:06 Hypervisor Encryption and Backup Systems Offline
14:19 Breakout Time: Why Speed Kills
16:21 Building Cyber Resilience
18:42 Closing Thoughts & Resources
Episode Resources:
Caleb Tolin on LinkedIn: https://www.linkedin.com/in/calebtolin
Joe Hladik on LinkedIn: https://www.linkedin.com/in/joseph-h-9248913