
The New Ransomware Economics | Edwin Bowers & CrowdStrike on Modern Cyber Extortion

Cross Industry
Ransomware and Malware
April 1, 2026
Ransomware attacks are becoming faster, more targeted, and more financially driven than ever before. In this ZeroDayCon Conversations episode, Edwin Bowers from Smarttech247 is joined by Alex Bacik from CrowdStrike to examine how ransomware groups are evolving — and what organisations need to do to improve cyber resilience and incident response.

In-House Specialists

Edwin Bowers

Enterprise Security Specialist

External Speakers

No external speakers for this session.

Key Strategic Takeaways

How has ransomware evolved beyond simple encryption?

Ransomware has matured into a sophisticated criminal business model. Attackers now focus on multi-extortion tactics, stealing data, exploiting identity, and targeting operations to maximize pressure on victims rather than simply encrypting systems. High-profile attacks in recent years all follow this pattern.

How is AI changing the ransomware threat landscape?

AI is lowering the barrier to entry for cybercriminals by enabling highly convincing social engineering, automated reconnaissance, and accelerated phishing campaigns. This elevates less sophisticated threat actors while also amplifying the most advanced ones, compressing the time between initial access and impact.

Why are less sophisticated attackers becoming more dangerous?

Generative AI tools make it easier for lower-skilled attackers to craft convincing attacks with minimal effort. Nation-state actors are also misusing these tools in more advanced ways, including prompt injection to bypass guardrails in AI models, raising the overall threat level across the board.

Why are siloed security tools a problem for detecting ransomware?

Individual signals like failed logins or unusual VPN access may look insignificant in isolation. When security telemetry is fragmented across separate tools, these indicators never get correlated, and suspicious activity goes undetected. Centralizing logs and controls into a single view is essential for catching threats early.

What does effective detection look like in practice?

Effective detection involves correlating signals across identity, network, and infrastructure logs simultaneously. For example, combining multiple failed logins in Entra ID with unusual VPN access and abnormal VM activity can surface a suspicious event that no single alert would have flagged on its own.
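The correlation described above, sketched as an added example (not code from the webinar, Smarttech247 or CrowdStrike). The normalised event schema, signal names, 30-minute window and failed-login threshold are all assumptions, and the events are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed correlation window
FAILED_LOGIN_THRESHOLD = 3      # assumed minimum failed logins

# Constructed events: (timestamp, source, user, signal), hypothetical schema.
EVENTS = [
    ("2026-04-01T09:00:05", "identity", "alice", "login_failed"),
    ("2026-04-01T09:01:10", "identity", "alice", "login_failed"),
    ("2026-04-01T09:02:00", "identity", "alice", "login_failed"),
    ("2026-04-01T09:10:00", "vpn", "alice", "unusual_location"),
    ("2026-04-01T09:20:00", "vm", "alice", "abnormal_activity"),
    # bob: failed logins only, nothing from the other sources
    ("2026-04-01T09:05:00", "identity", "bob", "login_failed"),
    ("2026-04-01T09:05:20", "identity", "bob", "login_failed"),
    ("2026-04-01T09:05:40", "identity", "bob", "login_failed"),
    # dave: all three signal types, but spread over 100 minutes
    ("2026-04-01T08:00:00", "identity", "dave", "login_failed"),
    ("2026-04-01T08:00:30", "identity", "dave", "login_failed"),
    ("2026-04-01T08:01:00", "identity", "dave", "login_failed"),
    ("2026-04-01T09:30:00", "vpn", "dave", "unusual_location"),
    ("2026-04-01T09:40:00", "vm", "dave", "abnormal_activity"),
]

def correlate(events, window=WINDOW, threshold=FAILED_LOGIN_THRESHOLD):
    """Return one alert per user whose identity, VPN and VM signals
    all fall inside a single time window."""
    by_user = defaultdict(list)
    for ts, source, user, signal in events:
        by_user[user].append((datetime.fromisoformat(ts), source, signal))
    alerts = []
    for user, evts in sorted(by_user.items()):
        evts.sort()
        for i, (start, _, _) in enumerate(evts):
            hits = [(s, sig) for t, s, sig in evts[i:] if t - start <= window]
            failed = hits.count(("identity", "login_failed"))
            if (failed >= threshold
                    and ("vpn", "unusual_location") in hits
                    and ("vm", "abnormal_activity") in hits):
                alerts.append({"user": user, "failed_logins": failed,
                               "window_start": start.isoformat()})
                break  # one alert per user is enough
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

Only the user with all three signal types inside one window is flagged; the failed logins for `bob` and the widely spaced events for `dave` stay below the bar at the assumed 30-minute window.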

  • 0:00 Introduction
  • 0:38 How ransomware evolved beyond encryption
  • 1:26 Multi-extortion attacks and data theft tactics
  • 2:18 Real-world examples: Snowflake, Marks & Spencer, Wind Resort
  • 3:04 Why identity and operations are now prime targets
  • 4:01 AI and GenAI changing the ransomware landscape
  • 4:53 Nation-state misuse of GenAI and prompt injection
  • 5:40 AI-powered phishing and automated reconnaissance
  • 6:29 How AI lowers the barrier for cybercriminals
  • 7:12 Faster attack timelines from access to impact
  • 8:01 Why less sophisticated attackers are becoming more dangerous
  • 8:42 The importance of centralized security visibility
  • 9:24 Correlating identity, VPN, and infrastructure logs
  • 10:16 Detecting suspicious behavior through context and patterns
  • 11:03 Why siloed security tools increase risk
  • 11:42 Complexity as the enemy of cyber defense
  • 12:18 SIEM’s role in modern ransomware detection
  • 13:02 Bringing security telemetry into a single platform
  • 13:49 Improving detection and response through visibility
  • 14:28 Closing thoughts and final discussion