Nov. 18, 2025

Inside The Lion’s Den: Infiltrating Ransomware Groups


In this eye-opening episode of And Security For All, host Kim Hakim sits down with Matthew Maynard, Information Security Operations Specialist at BJC HealthCare and dark web researcher who has spent the last year doing the unthinkable—infiltrating active ransomware groups from the inside.

Matthew shares how he entered closed cybercriminal communities, built trust, gathered intelligence, and passed critical findings to government agencies—all while maintaining a full-time role protecting one of the largest healthcare systems in the Midwest. His research provides a rare, real-time window into ransomware crews, their structure, their onboarding process, their business platforms, and the tactics they use to select, study, and strike their victims.

What You’ll Learn in This Episode

  • How ransomware groups actually operate behind closed doors
  • What “initial access brokers” are and why they’re the real first step in most attacks
  • How threat actors select targets, test stolen credentials, and prepare for exploitation
  • Why holidays and long weekends remain prime attack windows
  • What defenders consistently overlook—and the fixes that matter most
  • How Matthew manages OPSEC, safety, and reporting while undercover
  • Why MFA gaps, vendor access, phishing, and unpatched systems remain the top entry points
  • The surprising internal rules, ethics, and boundaries some threat groups enforce
  • How organizations should rethink backups, insurance, and negotiating ransom demands

Matthew also discusses the psychological side of this work—the fear, the risk, and the personal motivation that keeps him in the fight. His insights provide actionable takeaways for CISOs, SOC teams, and anyone responsible for protecting an enterprise today.

This is a rare interview with someone who has seen ransomware operations from the inside. It’s a conversation every cybersecurity leader should hear.