A ransomware crew can run through your whole company between dinner and dessert. Sean Martin sat down with Cynthia Kaiser — twenty years at the FBI, now leading the Halcyon Ransomware Research Center — on the speed of the threat, the human cost the industry keeps abstracting away, and why a slice of ransomware deserves a harder name than “crime.”
A ransomware crew can run through your whole company between dinner and dessert. Sean Martin sat down with Cynthia Kaiser — twenty years at the FBI, now leading the Halcyon Ransomware Research Center — on the speed of the threat, the human cost the industry keeps abstracting away, and why a slice of ransomware deserves a harder name than “crime.”
📺 Watch | 🎙️ Listen | seanmartin.com
Put your phone face-down at dinner on a Wednesday. Pick it up an hour later. In that time, an entire ransomware attack can have run through your company, start to finish. Wednesday is the favorite, Cynthia Kaiser told Sean Martin at InfoSecurity Europe, because the crews want you to walk in Thursday morning and find it. The fastest groups now go from break-in to full encryption in about four hours, sometimes under one. Humans do not move at that speed. The machines attacking us do.
Kaiser knows the tempo. She spent twenty years at the FBI, finishing as Deputy Assistant Director of its Cyber Division, and now runs the Ransomware Research Center at Halcyon. She has watched this threat from the side of the government that hunts it and the industry that sells against it, and the thing she most wants to pass along has nothing to do with technique. We should all be angrier about cybercrime than we are.
Her reason is the part the industry keeps abstracting away. We picture cybercrime as something that happens on a keyboard, to a network, to a number. Kaiser saw the other end of it: more than seventy-five thousand sextortion cases reported in the US in a single year, over twenty billion dollars in losses, and in one case thirty-eight victims referred to support services over the risk of suicide. The damage does not stay on the screen. It walks into homes.
When a ransomware crew steals a hospital’s files and then phones the patients directly, or calls a CEO to say they will burn his house down, Kaiser stops calling it crime. Those are predators, she says, people who know they are endangering lives and have decided it is someone else’s problem. There is an older word for that, and the word is terrorism. Most ransomware is ordinary crime. A slice of it is not, and she argues we should name that slice honestly instead of filing it under a tidy technical category.
Naming matters, because the other side is organized like a business, and lately like a software company. Kaiser’s team watched the market for criminal AI tools jump from thirty-eight forum posts in December to more than fourteen hundred two months later. Free tiers, paid upgrades for power users, the same tool mirrored across platforms for resilience. The technical people refine the product on the forums, then it graduates to the Telegram channels for buyers who could not build it themselves. Software-as-a-service, sold to extortionists.
The product that should worry you most is an AI call center. No humans involved, a hundred and twenty simultaneous calls in different languages, complete with simulated keyboard clicks so it sounds like a real office. Voice cloning now needs about three seconds of audio, which is enough to become your CEO on the phone. Kaiser’s advice is blunt: no voice on a call, however convincing, should ever grant access on its own.
Sean kept pulling the thread back to a point my own conversation with Geoff White had raised a day earlier, the line between locking data and stealing it to extort. The same crews do both, Kaiser said, and a few have moved somewhere worse, into the place with the phone calls and the threats. There are no borders in cyberspace, which is why her proudest moments were joint operations like the LockBit takedown, the FBI and the UK’s National Crime Agency working as one.
So what do we carry forward, and what do we leave behind? We carry the anger Kaiser is asking for, and the discipline of calling harm by its real name. We leave behind the comfortable fiction that any of this happens only on a keyboard.
Sean’s full conversation with Cynthia Kaiser is linked below, with the rest of our InfoSecurity Europe coverage.
Let’s keep thinking.
— Marco
Co-Founder ITSPmagazine & Studio C60 | Creative Director | Branding & Marketing Advisor | Journalist | Writer | On Location With Sean Martin And Marco Ciappelli | 🌎 LAX🛸FLR 🌍
Sean Martin, CISSP, is the co-founder and Director of Operations and Programming at ITSPmagazine, and the host of the Redefining CyberSecurity podcast. An information security and technology veteran of more than thirty years and a multiple-time CISSP, he led engineering and delivery for hundreds of cybersecurity products before turning to journalism and broadcasting. Through Redefining CyberSecurity he keeps pressing one question: if we are selling security insincerely, buying it indiscriminately, and deploying it ineffectively, how do we make it usable, honest, and a real source of business value? He teaches at Pepperdine’s Graziadio Business School and broadcasts from New York City.
🌎 seanmartin.com | LinkedIn: linkedin.com/in/imsmartin
Cynthia Kaiser is Senior Vice President of the Halcyon Ransomware Research Center, which she joined in 2025 after two decades at the FBI. She finished her government career as Deputy Assistant Director of the FBI’s Cyber Division, leading its Cyber Policy, Intelligence, and Engagement Branch, and earlier served as a member of the Cyber Safety Review Board and as a daily intelligence briefer to senior White House officials across two administrations. Her work was instrumental in disrupting major ransomware operations including LockBit, 8base, and Qakbot. A frequent keynote speaker and media commentator quoted in the New York Times, Reuters, and Bloomberg, she focuses on threat research and intelligence sharing across government and industry to outpace ransomware.
🔗 LinkedIn: linkedin.com/in/cynthia-kaiser-cyber
More from this event:
Full InfoSecurity Europe 2026 coverage: ITSPmagazine InfoSecurity Europe 2026
All ITSPmagazine event coverage: Technology & Cybersecurity Conference Coverage
TRANSCRIPT SUMMARY & QUOTES — Cynthia Kaiser | InfoSecurity Europe 2026
(Host: Sean Martin — Redefining CyberSecurity / On Location)
Recorded On Location at InfoSecurity Europe 2026, Sean Martin sits down with Cynthia Kaiser — Senior Vice President of the Halcyon Ransomware Research Center and former Deputy Assistant Director of the FBI's Cyber Division — for a conversation about the speed, the business, and the human cost of ransomware. Kaiser, who spent twenty years at the Bureau before moving to industry, argues that everyone should be angrier about cybercrime than they are, pointing to the human toll behind the statistics: tens of thousands of sextortion cases, billions in losses, and victims pushed to the edge. She and Sean trace ransomware's evolution from a nation-state afterthought to a Main Street threat, the cross-border takedowns (LockBit, with the FBI and the UK's National Crime Agency) that work because there are no borders in cyberspace, and the unsettling speed of modern attacks — often four hours or less from break-in to encryption, frequently launched on a Wednesday night. Kaiser draws a hard line at the point where crews phone hospital patients or threaten a CEO's family, naming that slice of activity for what it is: terrorism. She also details how the criminal underground now operates like a software company, with a marketplace for AI tools that exploded from 38 forum posts to over 1,400 in two months, including AI call centers and voice cloning that needs only seconds of audio. Sean connects the discussion back to Marco's earlier conversation with Geoff White on the line between ransomware and extortion.
----- 3 QUOTES — CYNTHIA KAISER -----
On the human cost:
"We think about it on a keyboard, on the computer, but all of these have a human cost. The thing I'd take from my time at the FBI is making sure we tell the human story behind these threats, because it's real."
On naming it honestly:
"They've called patients at hospitals. They've told a CEO they'll set fire to his house. Those are predators who know they're endangering lives and decided it's someone else's problem. There's another word for that: terrorism."
On the speed:
"The fastest groups go from initial access to encryption in about four hours, sometimes under one. Put your phone down at Wednesday dinner, pick it back up, and there's been an entire ransomware attack. Humans can't move at that speed."
----- 3 QUOTES — SEAN MARTIN -----
On the human impact:
"There's a real human impact. That's where it gets tough — society moves where it wants to move."
On hitting the gang, not the foot soldier:
"It's about working together so you can amplify the impact — hit the gang, not just charge a low-level person."
On where it lands:
"Even one-on-one, it's still terror. They're casting a wide net, but ultimately it's a one-on-one interaction."