Black Hat Europe 2025: Reputation matters – even in the ransomware economy

Black Hat Europe 2025 opened with a presentation by Max Smeets of Virtual Rotes titled ‘Inside the Ransomware Machine’. The talk focused on the LockBit ransomware-as-a-service (RaaS) gang and Max’s research into their practices and operations. At their height, between 2022-2024, the group had 194 affiliates, of which 110 had managed to get a cyberattack to the point of negotiation, with 80 of the affiliates succeeding in getting paid by the ransomware group. (As a reminder, the business model of ransomware is layered: ‘affiliate’ refers to the team that researches the victim’s networks and identifies and exfiltrates the sensitive data to a ransomware gang, such as LockBit.)

Reputation is everything

A key message delivered by Max was regarding reputation, both of the victim and the ransomware group. The victim company needs to uphold their reputation with their customers and any hint of a data breach can significantly damage ...