Criminal wannabes now the biggest ransomware danger, says ex‑FBI cyber chief

Novices outrun the pros

Cynthia Kaiser, a former FBI section chief who now runs the Halcyon Ransomware Research Center, told reporters at RSA Conference that the most dangerous cybercriminals right now are often the least skilled. Kaiser, who left her deputy assistant director role in the FBI’s cyber division in June 2025 to join Halcyon, reportedly warned that less sophisticated operators, the ransomware‑as‑a‑service copycats and “wannabes,” can be wildly destructive precisely because they don’t know what they’re doing. If they don’t know what they’re doing, you might never get your data back, she said. Ouch.

Iran‑linked attack and the chaos of amateur operators

Halcyon reportedly investigated a late‑February ransomware strike against a US healthcare organisation allegedly tied to an Iran‑linked group known as Pay2Key. Investigators found a compromised admin account that had lingering access for days before the attackers deployed ransomware and encrypted the environment in roughly three hours. Kaiser said the variant used showed improved anti‑detection features compared with prior intrusions. Oddly, there was no clear sign of data theft, which suggests the goal was destruction rather than double extortion. Allegedly, government‑connected crews can turn espionage access into destructive attacks on a whim; that possibility is chilling.

Why this matters now

Ransomware isn’t an abstract threat anymore; it’s hitting hospitals and shutting down services — “it kills people today,” Kaiser said — and combined ransomware and extortion losses reportedly reached nearly $155 million last year in the US. So which is worse: a polished crew or a panicked amateur with a destructive payload? Kaiser’s point is blunt: the amateurs can be more dangerous because the chaos they cause is messy and permanent. The industry’s challenge is no longer just tracking nation‑state tradecraft; it’s cleaning up the fast‑moving, often accidental damage from an army of digital arsonists.

Sources: The Register