Cyber Hat Trick: How Ransomware Gangs Exfiltrate, Encrypt & Exploit – Matt Cauthorn – ESW #237



Sponsored By


Visit for more information!


Exfiltrate. Encrypt. Exploit. In 2021, ransomware attackers moved beyond exfiltrating and encrypting data to extract a ransom, working to compromise the victim’s build server to introduce an exploit through which to launch large scale attacks.

This segment is sponsored by ExtraHop Networks.

Visit to learn more about them! Visit for all the latest episodes!

Full Episode Show Notes

Cyber Hat Trick: How Ransomware Gangs Exfiltrate, Encrypt & Exploit

– encrypting data is one way – they have a portfolio of attacks, they do whatever they can do to extort and make money

– too many ways to hide the money! – Moving towards the Internet of ownership, bad actors can just own our stuff.

– ransomware is the ultimate disruption, tech debt is real! – predatory lending scheme.

– More decentralization is needed to help combat attackers, not have one point of failure.

– Are we just moving the problem to the cloud? – Does it help with RBAC and permissions? permissions to network interfaces? Lifting and shifting has to evolve, its available, you just have to learn it.

– if there is no one central thing to encrypt, but its distributed somehow?

– how do you really own and protect your accounts? Map it back to blockchain?


Matt Cauthorn

Matt Cauthorn – VP Cloud Security at ExtraHop




Matt Cauthorn is responsible for all security implementations and leads a team of technical security engineers who work directly with customers and prospects. A passionate technologist and evangelist, Matt is often on site with customers working to solve the complex and mission-critical business problems that Fortune 1,000 and global 2,000 companies face. After years spent helping customers tap into the value offered by network-based analytics, Matt has been able to bring fresh thinking to security threat detection. Prior to ExtraHop, Matt was a Sales Engineering Manager at F5 and before that he started his career in the trenches as a practitioner where he oversaw application hosting, infrastructure, and security for five international data centers.


Adrian Sanabria

Adrian Sanabria – Senior Research Engineer at CyberRisk Alliance




Adrian is an outspoken researcher that doesn’t shy away from uncomfortable truths. He loves to write about the security industry, tell stories, and still sees the glass as half full.

April Wright

April Wright – Preventative Security Specialist at Architect Security




April Wright is a Preventative Security Specialist at

Paul Asadoorian

Paul Asadoorian – Founder at Security Weekly




Paul Asadoorian is the founder of Security Weekly, which was acquired by CyberRisk Alliance. Paul spent time “in the trenches” implementing security programs for a lottery company and then a large university. Paul is offensive, having spent several years as a penetration tester. As Product Evangelist for Tenable Network Security, Paul built a library of materials on the topic of vulnerability management. When not hacking together embedded systems (or just plain hacking them) or coding silly projects in Python, Paul can be found researching his next set of headphones.


  • Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista!

    We are excited to announce our first round of speakers: David Kennedy, Alyssa Miller, O’Shea Bowens, Marina Ciavatta, Patrick Coble, Chris Eng, Eric Escobar, Kevin Johnson, and Justin Kohler!

    Visit to register and check out our rockstar lineup!