Senior Threat Intelligence Analyst at CrowdStrike
Josef Williamson is a Senior Threat Intelligence Analyst at CrowdStrike. He leads the Global Threat Analysis Cell’s Big Game Hunting mission, which is focused on ransomware and data theft and extortion activity. He previously held positions at EclecticIQ and Rabobank. He holds Master’s degrees in International Conflict Studies from King’s College London and History from University College London.
Between 2016 and 2022, WIZARD SPIDER rose to become one of the most prolific and sophisticated cybercrime actors ever seen. The adversary’s Conti and Ryuk ransomware campaigns, often supported by the BazarLoader and TrickBot malware, targeted organizations across the globe, catching the attention of security practitioners, policymakers, and mainstream media.
Following a series of damaging leaks in February and March 2022, WIZARD SPIDER’s operations ground to a halt and relevant personnel disbanded. This presentation provides various insights into the group’s internal workings and the aftermath of those leaks, with a particular focus on the fragmentation of the WIZARD SPIDER group into multiple distinct cybercrime operations, including the currently operational Black Basta and Royal Ransomware-as-a-Service programs.