top of page

Episode #


Journalist Renee Dudley on Writing About the Hunters and the Hackers

Show Notes

In this week's episode of the Future of Cyber Risk podcast, David speaks to Renee Dudley, reporter at ProPublica and co-author of The Ransomware Hunting Team: A Band of Misfits' Improbable Crusade to Save the World from Cybercrime. Renee tells about how her investigative reporting focus took her to cybercrime and ransomware, and how in her research she met a "ransomware hunting team" of a dozen individuals who crack ransomware for victims and rarely ask for anything in return. She also talks about her investigation into companies who claim to help victims with ransoms but are actually scams and how individuals can protect themselves against a ransomware attack.

Topics discussed:

  • How Renee got into covering cybersecurity, which was sparked by seeing how CISOs were frustrated about not getting funding from their board, and which eventually became a primary topic of her investigative reporting.

  • How she researched and wrote The Ransomware Hunting Team, including the story of how she tracked down ransomware expert DemonSlay335 and learned about the independent threat hunting team made up of a dozen private researchers like him who help victims of ransomware.

  • What the mindset and altruistic motivation is behind individuals who crack ransomware and save victims millions of dollars (and it’s not fame and fortune).

  • How Renee investigated companies that offer assistance to those who have been impacted by ransomware, uncovering that while some are transparent and legit, some are scamming the victims that seek their help.

  • What steps individuals can take to protect themselves against a ransomware attack, including having offline backups, setting up 2FA, and being wary of phishing emails.

  • The similarities between the hunters and the hackers in terms of skills and motivation, including a mutual respect for each other, and how each team tries to recruit the other.

Quotes from Episode


"My background is investigative reporting, and I was covering companies at that time. I got together with my then editor ... to talk about story ideas. And I mentioned this corporate landscape of failing to invest adequately in cybersecurity, and I mentioned ransomware. And my editor was really taken with the ransomware part of it. He was almost in disbelief that files could be held for ransom in the same way that people could and kidnapped for ransom. And we decided together that I should just go all in on ransomware."


"I don't need to know how to write code to do my job. I don't have to do the work that the team does, but I have to understand it enough to write about it. And that's where sources like Michael and Fabian Wosar really are absolutely crucial. Before they were the subjects of a book about their team, they were my technical experts." (16:47)


"They're not motivated by the same things that motivate most people: fame, money, success, power. ... They say that they see fighting ransomware as a way to get back at the bullies of their youth. ... They see ransomware as, these are bad guys on our turf, we don't want them here. And they know that they're uniquely suited to fight back and to help victims. So that's their primary motivation. And a number of times the question of accepting payment from victims for their services has come up, and each time that they've rebuffed that." (12:10)


"Back in 2015, even earlier, victims of ransomware and other types of malware were coming to the site [BleepingComputer] and posting on forums, just desperate for help. And that's when the team members started converging and just responding to people on these forums who were looking for help. ... And the members of the hunting team — they weren't the hunting team yet, but they were this dedicated band of researchers who didn't know each other — the same people started responding with their solutions and their help, and it just evolved from there." (42:28)


"Prevention is the best course in all of this. And what does prevention look like? Well, number one, good backups. ... Backups that are adequately protected and offline, both online and offline. ... And then not having two factor authentication on. It's sadly not surprising to see that remains one of the ways that hackers are able to infiltrate big networks. Open RDP portals, and then of course, phishing emails. And sadly, those are just becoming more and more sophisticated." (26:26)

bottom of page