Why Ransomware Groups Are Now Much Scarier Than State Actors: Security Experts

Most cybercrime groups no longer follow any code of ethics — and have amassed huge amounts of wealth, according to experts at Zero Trust World 2025.

Most cybercrime groups no longer follow any code of ethics — and have amassed huge amounts of wealth — in many cases making them far more concerning as an adversary than even state-sponsored threat actors, according to security experts at Zero Trust World 2025.

Chris Tarbell, a former FBI special agent known for his work targeting cybercriminals, and Hector Monsegur, a penetration testing consultant and former black hat hacker, spoke Wednesday during the annual conference from cybersecurity vendor ThreatLocker in Orlando.

“State actors used to be the worst. They're going after your R&D, they're trying to take your information. And some are going after the money [such as] North Korea,” Tarbell said during a keynote session at Zero Trust World 2025. “But it's really these ransomware groups now that [are the bigger problem] because they're so rich. And we're just making them richer.”

Monsegur — who went by the online name “Sabu” and was a core member of the hacking group LulzSec — said that restrictions on ransomware payments would make a major difference in the intensity of the ransomware threat.

“As you start to limit those payments, you're going to see adversaries going back to the old school,” he said. “What’s the old school? The same exact thing I did 25 years ago — leveraging [known vulnerabilities] or misconfigurations, maybe zero days here and there, or social engineering.”

Without a doubt, the lucrative nature of cybercrime has led to the monumental shift in the threat landscape over the past decade, according to Tarbell.

“One of the biggest problems is the ethics of a hacker,” he said. “When Hector was around in hacking, they had ethics — they really had a code of ethics.”

“To a degree,” Monsegur said.

“But you would never have popped a hospital?” Tarbell said — to which Monsegur replied, “No.”

“And now we're seeing hospitals [impacted with] ransomware all the time,” Tarbell said. “There was a line that even the hackers back then didn't cross.”

Ultimately, many people are unaware of how much the threat has changed due to the wealth of the cybercriminal groups, he said.

“People don't realize how much money these ransomware guys have,” Tarbell said. “They have HR departments. They're offering signing bonuses. I'm not trying to tell you guys where to go get a next job — but you get a six-figure signing bonus at a ransomware group. If you have some skill set, it's out there.”

The fact that the nature of the threat has changed so dramatically is crucial for MSPs and their clients to recognize, according to Ted Flittner, principal at Aditi Group, a Torrance, Calif.-based MSP.

“Hackers have moved from being high school kids at home to hacking as a business,” said Flittner, who attended the session Wednesday. “This is a cartel. This is a major industry with all the resources. And so they operate differently.”

In speaking with clients, Flittner said he highlights the fact the ransomware is continuing to increase — and in all likelihood, “it's just getting ready to explode.”

“AI makes it available for anybody to do it. You don't have to have skills,” he said.