Threat Researcher at Recorded Future’s Insikt Group
Julian-Ferdinand Vögele is a threat researcher at Recorded Future’s Insikt Group with expertise in malware research, threat hunting, and intelligence. Julian-Ferdinand focuses on malware analysis and malicious infrastructure detection. Before joining Recorded Future, Julian-Ferdinand worked in IT security at Security Research Labs, where he conducted security research and engaged in red team exercises. He completed his master’s in computer science at UCL in London and is a scholar of the German Academic Scholarship Foundation.
Ransomware is no longer just a tool for financial extortion. Nation-states now use this destructive malware for disruption, misattribution, and evidence removal. In this talk, we explore how state-linked threat actors associated with some of the most prominent players in the cyber threat landscape — Russia, North Korea, China, and Iran — are using ransomware not only for financial gain but to advance their strategic goals.
This talk takes a comparative look at the key differences and similarities in how these threat groups use ransomware. We examine their operational methods and objectives, considering how each country's geopolitical context shapes their approach. We provide both historical and current perspectives, including past cases and previously undisclosed details on recent cyber operations.
We also explore the growing involvement of state-linked actors in ransomware-as-a-service (RaaS) operations, leveraging cybercriminal networks to increase operational efficiency and maintain plausible deniability. Finally, we discuss the future of ransomware in state-sponsored operations, examining how and to what end states are likely to continue using this tactic, implications for defenders, and challenges in countering this threat.