In this episode of The Dark Dive we look at how cyber defender's biggest nemeses - ransomware groups - use the dark web. Returning threat intelligence experts Jim Simpson and Louise Ferrett explain all of the functions of a ransomware leak site, how ransomware group members use dark web forums, and how monitoring this activity helps us understand how ransomware threat is evolving. We cover some of the biggest groups*, take a fascinating look at how they work with each other, and host Aidan Murphy learns the difference between "state-backed" and "nation-backed" threat actors. *Note - this episode was recorded before the takedown of LockBit in the international law enforcement action, Operation Cronos. Want to find out more? Email: [email protected] Website: www.slcyber.io LinkedIn: www.linkedin.com/company/searchlight-cyber X: www.twitter.com/SLCyberSec Weekly newsletter: www.slcyber.io/beacon/ Report: "More Groups, More Problems: Ransomware in 2023"