Skip to main content
Emerging ThreatsMalware & Ransomware

Amateur Hackers Emerge as Growing Ransomware Threat

Hooded figure in shadows types on laptop surrounded by screens displaying ominous code and ransom demands.

"If they don't know what they're doing, you might never get your data back," Cynthia Kaiser warned — a blunt appraisal from a cybersecurity veteran who spent two decades at the FBI and says ransomware is now "the biggest threat today."

From federal investigations to ransomware research

Kaiser, identified in reporting as an ex-FBI cyber chief and now senior vice president at the Halcyon Ransomware Research Center, said she was a "latercomer to really wanting to focus on ransomware." Her FBI tenure included much work to intercept and stop cyber threats tied to nation-state actors, specifically threats from China and Russia, before she shifted attention to the ransomware problem.

Why the newcomers worry her more than the pros

In the course of an interview, Kaiser argued that amateur or inexperienced criminals — the "wannabes" — can present greater danger than seasoned professional cybercriminals. The core of her concern is practical and immediate: when attackers lack skill, their mistakes can make victim data irretrievable. That risk, she said, is part of what makes ransomware today's foremost threat.

What that means for defenders and users

  • Unpredictability: Kaiser's framing highlights a landscape in which threat actors vary not only by motive or origin but by competence. Professionals may follow playbooks; amateurs introduce variability and unexpected outcomes.

  • Durability of damage: The possibility that clumsy handling by attackers could render data permanently lost raises stakes for recovery planning and backups — a concern Kaiser distilled in her stark warning about never getting data back.

  • Focus for security teams: Kaiser's shift to ransomware research after a long federal career underscores the rising priority organizations and analysts may need to assign to ransomware, beyond traditional nation-state-related work.

Why this matters to policymakers and the public

Kaiser’s observations suggest a threat environment in which conventional binaries — state actor vs. criminal syndicate — are insufficient. The rise of less-skilled criminals complicates response, remediation and messaging: victims may suffer irreversible loss not because an attacker was especially capable, but because the attacker was inexperienced. That dynamic changes how institutions plan for resilience and how the public assesses risk.

If ransomware truly is "the biggest threat today," as Kaiser put it, then the conversation about mitigation has to account for both the sophisticated intrusions and the chaotic, error-prone attacks that can leave lasting damage.

Is the cybersecurity community prepared to handle not only clever adversaries, but careless ones whose mistakes can be as destructive as the most advanced operations?

https://go.theregister.com/feed/www.theregister.com/2026/04/08/cynthia_kaiser_interview/