Ransomware has become more difficult for organizations to defend against, but easier for adversaries to deploy. The rise of ransomware-as-a-service (RaaS) — a model in which ransomware operators write the malware and affiliates pay to launch it — has lowered the barrier to entry so threat actors of all skill levels can participate and profit.

OCULAR SPIDER is one such operator. This adversary, newly named by CrowdStrike, is associated with the development of ransomware variants including Cyclops, Knight, and RansomHub. They targeted hundreds of named victims between February 2024 and March 2025, according to CrowdStrike intelligence, and they focus on industries such as professional services, technology, healthcare, and manufacturing in regions including the United States, Canada, Brazil, and some European countries.

But OCULAR SPIDER is one of many operators in the ransomware space. Adam and Cristian take listeners back to the early days of ransomware and track its evolution, variants, and key players from the mid-2010s through the launch of RansomHub in 2024. They explain how RaaS works, why it appeals to adversaries and complicates attribution, and how defenders can prepare to face today’s ransomware threats.

Come for an update on Adam’s adventures in bread-making; stay for a deep-dive into the RaaS evolution and the threat actors driving it.