Talk with Jason Nurse 'Inside ransomware groups: An analysis of origins, structures, and dynamic
Ransomware has become one of the most significant cybersecurity threats facing organisations worldwide, yet our understanding of the groups behind these attacks remains limited.
Talk with Jason Nurse 'Inside ransomware groups: An analysis of origins, structures, and dynamic
04 Mar 2026, 11:00 – 13:00
Abstract:
Ransomware has become one of the most significant cybersecurity threats facing organisations worldwide, yet our understanding of the groups behind these attacks remains limited. In this talk, we examine three of the most prominent ransomware groups of the past five years, Conti, LockBit, and BlackCat/ALPHV, which have been responsible for major attacks across healthcare, finance, and critical national infrastructure. Drawing on a systematic analysis of over 500 dispersed sources, including ransomware group communications, we explore where these groups come from, how they are organised, and how they operate. While each group is distinct, the analysis reveals striking shared characteristics, including Russian origins, business-like structures, strong leadership, brand-building practices, ransomware-as-a-service models, multi-level extortion, and a tendency toward retaliation. The talk highlights what these similarities reveal about the modern ransomware ecosystem and discusses practical implications for disruption and mitigation, including targeting affiliate networks, undermining group branding, and exposing key members. We conclude by introducing a conceptual framework for analysing and comparing ransomware groups in future research.
Bio:
Dr Jason R.C. Nurse is a Reader in Cyber Security in the Institute of Cyber Security for Society and the School of Computing at the University of Kent. He also holds the roles of Associate Fellow at The Royal United Services Institute (RUSI), Visiting Fellow in Defence and Security at Cranfield University, and Research Member of Wolfson College, University of Oxford. His research interests include human aspects of cyber security, ransomware, cyber harms, cyber insurance, security culture, and corporate communications and cyber security. Dr Nurse has published over 180 peer-reviewed articles in prestigious security journals, and his research has been featured in national and international media including the BBC, Associated Press, The Wall Street Journal, The Washington Post, Newsweek, Wired, The Telegraph, and The Independent. Prior to joining Kent in 2018, Dr Nurse was a Senior Research Fellow in Cyber Security at the University of Oxford and before that, a Research Fellow in Psychology at the University of Warwick.
